Windows Analysis Report
support.Client.exe

Overview

General Information

Sample name: support.Client.exe
Analysis ID: 1577049
MD5: ee1ec692c5f029ef3aaa57ab58db0f8c
SHA1: 2fe849e27f98256e374a7b0ee1f9ccbbf68b9080
SHA256: 71f723ce0a753c9a34ecf467a7e896daf19ac4e5e53d90200af2c15d6325f4f6
Infos:

Detection

ScreenConnect Tool
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Detected potential unwanted application
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
One or more processes crash
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • support.Client.exe (PID: 6224 cmdline: "C:\Users\user\Desktop\support.Client.exe" MD5: EE1EC692C5F029EF3AAA57AB58DB0F8C)
    • dfsvc.exe (PID: 6408 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
      • ScreenConnect.WindowsClient.exe (PID: 2336 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe" MD5: 20AB8141D958A58AADE5E78671A719BF)
    • WerFault.exe (PID: 1436 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 704 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
00000009.00000000.2198215556.00000000009E2000.00000002.00000001.01000000.0000000C.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000001.00000002.2532633706.000002C1B75CF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: dfsvc.exe PID: 6408 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: ScreenConnect.WindowsClient.exe PID: 2336 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
9.0.ScreenConnect.WindowsClient.exe.9e0000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

                System Summary

                Source: Network Connection | Author: Nasreddine Bencherchali (Nextron Systems) | Data: DestinationIp: 192.168.2.4, DestinationIsIpv6: false, DestinationPort: 49732, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 6408, Protocol: tcp, SourceIp: 104.21.64.1, SourceIsIpv6: false, SourcePort: 443

                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-12-17T22:20:41.373466+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.64.1 | 443 | 192.168.2.4 | 49750 | TCP
                2024-12-17T22:20:44.382472+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.64.1 | 443 | 192.168.2.4 | 49753 | TCP
                2024-12-17T22:20:53.702721+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.64.1 | 443 | 192.168.2.4 | 49759 | TCP
                2024-12-17T22:20:56.197531+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.64.1 | 443 | 192.168.2.4 | 49760 | TCP
                2024-12-17T22:20:58.932550+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.64.1 | 443 | 192.168.2.4 | 49761 | TCP
                2024-12-17T22:21:01.611329+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.64.1 | 443 | 192.168.2.4 | 49762 | TCP
                2024-12-17T22:21:07.025259+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.64.1 | 443 | 192.168.2.4 | 49763 | TCP
                2024-12-17T22:21:10.366662+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.64.1 | 443 | 192.168.2.4 | 49764 | TCP

                AV Detection

                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 93.8% probability
                Source: C:\Users\user\Desktop\support.Client.exe | Code function: 0_2_00731000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00731000
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe

                Compliance

                Source: support.Client.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: support.Client.exe | Static PE information: certificate valid
                Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49732 version: TLS 1.2
                Source: support.Client.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B7A09000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B74ED000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2941446526.000000001B6E1000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2934943286.0000000002AE2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: support.Client.exe
                Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B74E9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B7A09000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2940752338.000000001B592000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2934847115.0000000002AC0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2198215556.00000000009E2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B74E5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2943271015.000000001BC82000.00000002.00000001.01000000.00000012.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2198215556.00000000009E2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B74E5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2943271015.000000001BC82000.00000002.00000001.01000000.00000012.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B7A09000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B74ED000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2941446526.000000001B6E1000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2934943286.0000000002AE2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                Source: Binary string: \??\C:\Windows\symbols\dll\ScreenConnect.Core.pdbs source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2944740423.000000001BFC0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B77DF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B733C000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2942586891.000000001BA42000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\Apps\2.0\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\Apps\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\
                Source: global traffic | TCP traffic: 192.168.2.4:49766 -> 176.97.123.103:8880
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Client.application?h=wickgrip9.top&p=8880&k=BgIAAACkAABSU0ExAAgAAAEAAQDFvH7dgn59O3930pS66IDDblNLBSZU3lQVwAjbyC7bFRQoA8pMp1lRt5orwzmTLGZrjelxjQwNnxTn5%2bwvxd9XBlzyDBqrlDJd8OU9Op34%2bQPJjh9hfpOSyBfsUqX75KVejGdxOmNzvkEZmTWJDuwYxdKlYjQ7908hykS24m8kNLZsCQdn2PZLHuU978kEGplUn6N%2f7j8w4a48JNHZxKo2K4eHXPXv0KrrcS0rhHCk%2fELvRZ8yPgPyb5dA0M2sav6yx%2bPRdDqnj%2bpbrFFNWp2F9VDxNX0apOBx4SALsyzlcWxoj8gCgQ80UdH7u1h53GPqMZo%2bCXS2SsruOQmYPtnP HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip
                Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1 | Host: molatoripro.icu | Accept-Encoding: gzip
                Source: Joe Sandbox View | IP Address: 104.21.64.1
                Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.64.1:443 -> 192.168.2.4:49750
                Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.64.1:443 -> 192.168.2.4:49759
                Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.64.1:443 -> 192.168.2.4:49761
                Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.64.1:443 -> 192.168.2.4:49753
                Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.64.1:443 -> 192.168.2.4:49760
                Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.64.1:443 -> 192.168.2.4:49762
                Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.64.1:443 -> 192.168.2.4:49763
                Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.64.1:443 -> 192.168.2.4:49764
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic | DNS traffic detected: DNS query: molatoripro.icu
                Source: global traffic | DNS traffic detected: DNS query: wickgrip9.top
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: support.Client.exe, 00000000.00000002.1953943323.000000000119B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrust
                Source: C56C4404C4DEF0DC88E5FCD9F09CB2F10.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: F2E248BEDDBB2D85122423C41028BFD4.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: support.Client.exe, 00000000.00000002.1953943323.000000000119B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.c
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                Source: support.Client.exe, 00000000.00000002.1953943323.000000000119B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256Time
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                Source: dfsvc.exe, 00000001.00000002.2544427466.000002C1D1E75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                Source: dfsvc.exe, 00000001.00000002.2541042814.000002C1CFB01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabrS
                Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                Source: dfsvc.exe, 00000001.00000002.2544097420.000002C1D1DA2000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532150227.000002C1B57D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f15ac81
                Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49732 version: TLS 1.2
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

                Spam, unwanted Advertisements and Ransom Demands

                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnect
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect

                System Summary

                Source: support.Client.exe PE Signature Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                Source: C:\Users\user\Desktop\support.Client.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 704
                Source: support.Client.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, PopoutPanelTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ProgramTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, TaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, PopoutPanelTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, ProgramTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, TaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: ScreenConnect.ClientService.dll.1.dr, WindowsLocalUserExtensions.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                Source: classification engine Classification label: mal48.evad.winEXE@6/71@2/2
                Source: C:\Users\user\Desktop\support.Client.exe Code function: 0_2_00731000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Deployment
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Mutant created: NULL
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6224
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment
                Source: C:\Users\user\Desktop\support.Client.exe Command line argument: dfshim 0_2_00731000
                Source: support.Client.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\support.Client.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: unknownProcess created: C:\Users\user\Desktop\support.Client.exe "C:\Users\user\Desktop\support.Client.exe"
                Source: C:\Users\user\Desktop\support.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                Source: C:\Users\user\Desktop\support.Client.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 704
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe"
                Source: C:\Users\user\Desktop\support.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe"Jump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: dfshim.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dfshim.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptnet.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uiautomationcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: dfshim.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: support.Client.exeStatic PE information: certificate valid
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: support.Client.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B7A09000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B74ED000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2941446526.000000001B6E1000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2934943286.0000000002AE2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: support.Client.exe
                Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B74E9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B7A09000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2940752338.000000001B592000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2934847115.0000000002AC0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2198215556.00000000009E2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B74E5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2943271015.000000001BC82000.00000002.00000001.01000000.00000012.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2198215556.00000000009E2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B74E5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2943271015.000000001BC82000.00000002.00000001.01000000.00000012.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B7A09000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B74ED000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2941446526.000000001B6E1000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2934943286.0000000002AE2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                Source: Binary string: \??\C:\Windows\symbols\dll\ScreenConnect.Core.pdbs source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2944740423.000000001BFC0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2532633706.000002C1B77DF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B76B1000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2532633706.000002C1B733C000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2942586891.000000001BA42000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: ScreenConnect.WindowsBackstageShell.exe.1.drStatic PE information: 0xB80EE04C [Tue Nov 8 12:57:48 2067 UTC]
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_00731000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00731000
                Source: support.Client.exeStatic PE information: real checksum: 0x1bda6 should be: 0x22789
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_00731BC0 push ecx; ret 0_2_00731BD3
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B77D2A5 pushad ; iretd 1_2_00007FFD9B77D2A6
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B897D00 push eax; retf 1_2_00007FFD9B897D1D
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B8A8D47 push 8B495CB0h; iretd 1_2_00007FFD9B8A8D4C
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B89842E pushad ; ret 1_2_00007FFD9B89845D
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B89845E push eax; ret 1_2_00007FFD9B89846D
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FFD9B8A4162 push eax; ret 9_2_00007FFD9B8A4163
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FFD9B8A30BA push eax; iretd 9_2_00007FFD9B8A30BB
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FFD9B8A2E18 push eax; ret 9_2_00007FFD9B8A2E7B
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB955F7 push es; iretd 9_2_00007FFD9BB95627
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB89AFC push cs; ret 9_2_00007FFD9BB89B8A
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB89B10 push cs; ret 9_2_00007FFD9BB89B8A
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB89AD3 push cs; ret 9_2_00007FFD9BB89B8A
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8CA42 push es; ret 9_2_00007FFD9BB8CA43
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8DA14 pushad ; ret 9_2_00007FFD9BB8DA52
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8D9CC pushad ; ret 9_2_00007FFD9BB8DA52
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8D974 push edi; ret 9_2_00007FFD9BB8D9A2
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8D931 push edx; ret 9_2_00007FFD9BB8D932
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8D907 push ecx; ret 9_2_00007FFD9BB8D90A
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB820CA pushad ; retf 9_2_00007FFD9BB820CD
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8C7F0 push ds; ret 9_2_00007FFD9BB8C7F1
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8C7CF push ds; ret 9_2_00007FFD9BB8C7D0
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8A674 push ss; ret 9_2_00007FFD9BB8A692
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9BB8A688 push ss; ret 9_2_00007FFD9BB8A692
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.ClientService.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsBackstageShell.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsFileManager.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Client.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Windows.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsClient.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Core.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.ClientService.exe
                Source: ScreenConnect.ClientService.dll.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                Source: ScreenConnect.ClientService.dll0.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

                Hooking and other Techniques for Hiding and Protection

                Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2940752338.000000001B592000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2943271015.000000001BC82000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2934847115.0000000002AC0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.ClientService.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.Windows.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                Source: ScreenConnect.ClientService.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.Windows.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                Source: C:\Users\user\Desktop\support.Client.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 2C1B58B0000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 2C1CF2B0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Memory allocated: 2960000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Memory allocated: 1AC50000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 600000
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599875
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599764
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599638
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599520
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599353
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599226
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599112
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598879
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598760
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598631
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598497
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597991
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597874
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597761
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597636
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597515
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597398
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597297
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597180
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597078
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596969
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596844
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596734
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596625
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596516
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596406
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596297
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596187
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596078
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595969
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595844
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595730
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595625
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595503
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595375
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595250
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595140
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595031
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594913
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594793
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594672
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594562
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594453
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594344
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594234
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594125
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594014
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593906
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593797
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593687
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593578
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Window / User API: threadDelayed 3077
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Window / User API: threadDelayed 6599
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.ClientService.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsBackstageShell.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsFileManager.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Client.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Windows.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Core.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.ClientService.exe
                Source: C:\Users\user\Desktop\support.Client.exe TID: 6240 Thread sleep time: -40000s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -15679732462653109s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -600000s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -599875s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -599764s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -599638s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -599520s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -599353s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -599226s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -599112s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -598879s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -598760s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -598631s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -598497s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -597991s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -597874s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -597761s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -597636s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -597515s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -597398s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -597297s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -597180s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -597078s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -596969s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -596844s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -596734s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -596625s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -596516s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -596406s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -596297s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -596187s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -596078s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -595969s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -595844s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -595730s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -595625s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -595503s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -595375s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -595250s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -595140s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -595031s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -594913s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -594793s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -594672s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -594562s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -594453s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -594344s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -594234s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -594125s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -594014s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -593906s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -593797s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -593687s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2872 Thread sleep time: -593578s >= -30000s
                Source: C:\Users\user\Desktop\support.Client.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\support.Client.exe Thread delayed: delay time: 40000
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593906Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593797Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593687Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593578Jump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\
                Source: Amcache.hve.4.drBinary or memory string: VMware
                Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
                Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: dfsvc.exe, 00000001.00000002.2544797462.000002C1D1ECD000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2544797462.000002C1D1EBF000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2541042814.000002C1CFA80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.4.drBinary or memory string: vmci.sys
                Source: Amcache.hve.4.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
                Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2941446526.000000001B677000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_V^
                Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.4.drBinary or memory string: VMware20,1
                Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Users\user\Desktop\support.Client.exeProcess queried: DebugPort
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_00734573 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00734573
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_00731000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00731000
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_00733677 mov eax, dword ptr fs:[00000030h]0_2_00733677
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_00736893 GetProcessHeap,0_2_00736893
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess token adjusted: Debug
                Source: C:\Users\user\Desktop\support.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_00731493 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00731493
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_0073191F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0073191F
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_00731AAC SetUnhandledExceptionFilter,0_2_00731AAC
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: ScreenConnect.ClientService.dll.1.dr, ClientService.csReference to suspicious API methods: WindowsExtensions.OpenProcess(processID, (ProcessAccess)33554432)
                Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
                Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                Source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2198215556.00000000009E2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.drBinary or memory string: Progman
                Source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2198215556.00000000009E2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.drBinary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                Source: C:\Users\user\Desktop\support.Client.exeCode function: 0_2_00731BD4 cpuid 0_2_00731BD4
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Client.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.ClientService.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Windows.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsClient.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Core.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsClient.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Client.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Windows.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsClient.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Core.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.ClientService.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsBackstageShell.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsFileManager.exe.config VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsClient.exe.config VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsBackstageShell.exe.config VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsFileManager.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Client.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.ClientService.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Windows.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsClient.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Core.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.Client.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.Core.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.Windows.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.ClientService.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                Source: C:\Users\user\Desktop\support.Client.exe Code function: 0_2_00731806 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00731806
                Source: C:\Users\user\Desktop\support.Client.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.4.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.4.dr Binary or memory string: msmpeng.exe
                Source: Amcache.hve.4.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.4.dr Binary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\support.Client.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                Source: Yara match File source: 9.0.ScreenConnect.WindowsClient.exe.9e0000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000009.00000000.2198215556.00000000009E2000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.2532633706.000002C1B75CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: dfsvc.exe PID: 6408, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 2336, type: MEMORYSTR
                Source: Yara match File source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, type: DROPPED
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                Native API
                1
                DLL Side-Loading
                1
                DLL Side-Loading
                21
                Disable or Modify Tools
                OS Credential Dumping1
                System Time Discovery
                Remote Services1
                Archive Collected Data
                1
                Ingress Tool Transfer
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts2
                Command and Scripting Interpreter
                1
                DLL Search Order Hijacking
                1
                DLL Search Order Hijacking
                1
                Obfuscated Files or Information
                LSASS Memory1
                File and Directory Discovery
                Remote Desktop ProtocolData from Removable Media21
                Encrypted Channel
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts1
                Scheduled Task/Job
                1
                Windows Service
                1
                Windows Service
                1
                Install Root Certificate
                Security Account Manager24
                System Information Discovery
                SMB/Windows Admin SharesData from Network Shared Drive1
                Non-Standard Port
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCron1
                Scheduled Task/Job
                2
                Process Injection
                1
                Timestomp
                NTDS41
                Security Software Discovery
                Distributed Component Object ModelInput Capture2
                Non-Application Layer Protocol
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchd1
                Bootkit
                1
                Scheduled Task/Job
                1
                DLL Side-Loading
                LSA Secrets1
                Process Discovery
                SSHKeylogging3
                Application Layer Protocol
                Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                DLL Search Order Hijacking
                Cached Domain Credentials41
                Virtualization/Sandbox Evasion
                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                Masquerading
                DCSync1
                Application Window Discovery
                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                Modify Registry
                Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt41
                Virtualization/Sandbox Evasion
                /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron2
                Process Injection
                Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                Hidden Users
                Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                Bootkit
                KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Client.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.ClientService.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.ClientService.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Core.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\Deployment\4W3PXR9L.QEK\X219OXNC.ZPE\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | |
                No Antivirus matches
                No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
molatoripro.icu | 104.21.64.1 | true | false | | unknown
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
wickgrip9.top | 176.97.123.103 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
176.97.123.103 | wickgrip9.top | Ukraine | 6698 | ARCHERNETRU | false
104.21.64.1 | molatoripro.icu | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577049
Start date and time: 2024-12-17 22:19:28 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: support.Client.exe
Detection: MAL
Classification: mal48.evad.winEXE@6/71@2/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 59%
• Number of executed functions: 116
• Number of non-executed functions: 25
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .exe
                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                      • Excluded IPs from analysis (whitelisted): 192.229.221.95, 104.208.16.94, 199.232.210.172, 20.190.177.83, 23.218.208.109, 20.12.23.50, 52.149.20.212, 13.107.246.63
                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, cacerts.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, onedsblobprdcus16.centralus.cloudapp.azure.com
• Not all processes were analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                      • VT rate limit hit for: support.Client.exe
Time | Type | Description
16:20:21 | API Interceptor | 68529x Sleep call for process: dfsvc.exe modified
16:20:21 | API Interceptor | 1x Sleep call for process: support.Client.exe modified
16:20:47 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):65536
                                                                                                                              Entropy (8bit):0.9144068304996397
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:HIZFj57sdhqvGXyf8QXIDcQvc6QcEVcw3cE/v+HbHg/Jg+OgBCXEYcI+1siovMRT:6B57jP0BU/oj60ozuiFwZ24IO83
                                                                                                                              MD5:416073EF079FE90736EC0DBEEA7D8CF5
                                                                                                                              SHA1:ED264714E7E3E0E91FDBF61A8C11A40B41B59998
                                                                                                                              SHA-256:65D47DF10FCF61A7EF7ECE0C7A138D7B45AADE0700F634B9BC4DB64088E80DDF
                                                                                                                              SHA-512:63093CB73948F6FDCC4F6373B20A0B4D0B6E7CCE89100F4B178E69969DFAC3A827512E6A8ABDEB64C4B81E053E08F0DECE9DBE1D8562D950825A83637ED10ED5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
Preview:Version=1 EventType=APPCRASH EventTime=133789440229625542 ReportType=2 Consent=1 UploadTime=133789440243688057 ReportStatus=524384 ReportIdentifier=09e94fe6-abce-4433-9a37-e847f4a699a5 IntegratorReportIdentifier=04f6d64c-db35-4a97-9f9f-a63bb32da675 Wow64Host=34404 Wow64Guest=332 NsAppName=support.Client.exe AppSessionGuid=00001850-0001-0014-a3ab-9b7ac950db01 TargetAppId=W:0006c7dfd638340671090c2c5959c011bedb0000ffff!00002fe849e27f98256e374a7b0ee1f9ccbbf68b9080!support.Client.exe T
                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Tue Dec 17 21:20:23 2024, 0x1205a4 type
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):77256
                                                                                                                              Entropy (8bit):1.7565243218920403
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:6/4ULyhI/FqtvdO77EjvYkpRkWOUuGcN:6AULyhI/6vQQjV5jm
                                                                                                                              MD5:76A7431184F6D08A5E9554D5E499E7DD
                                                                                                                              SHA1:836BF58CFD64D6AA84408E7982EAF51D353F6CF1
                                                                                                                              SHA-256:8BAC2AF8232FF2F4AE33DB09CF1ABFB5C22C7A14DF9207F4CA0CE0E442370FED
                                                                                                                              SHA-512:0D59F10B55248F675DDE4FE2CD80533E5907244CB8AFFCF37BFD0D8A8B5374DEF4097A29D733F6C9860656F6C8438445746B04E5BCDB19D79C563195B2A51A4A
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8344
                                                                                                                              Entropy (8bit):3.694935652464105
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:R6l7wVeJDZ6i6Y9cSU93pgmfDtom/Qpr389bU8sf58m:R6lXJ96i6YGSU93pgmfDtomNUPf3
                                                                                                                              MD5:991FBE92A363462355BBE7BD504C9816
                                                                                                                              SHA1:37F1E7641465365BA73D4E0176FD09197E44FB45
                                                                                                                              SHA-256:A41B3536A9F71552203D6AF613383422A972326ACE7B9423AF727729D8D728D4
                                                                                                                              SHA-512:5EEDCAEAFA28F53C3F5ECBE80995AFB28D747C5E92440A88DF09AF5DDD57D07BCDB60A28227078E0D7B455BA433DE91F77E448D017BF895A178581E1A8548CE6
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.2.4.<./.P.i.
                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4613
                                                                                                                              Entropy (8bit):4.472029372055223
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:cvIwWl8zsIJg77aI9x3F4WpW8VYYYm8M4JRLFH+q8GdNw/Id:uIjfOI773Fx7VcJnhw/Id
                                                                                                                              MD5:0F334344AE2449B2630BE807C8869DC7
                                                                                                                              SHA1:EA5E9F1F8C4818FC74DDE2CFD50D121F2DC910DE
                                                                                                                              SHA-256:2AC3381A89FB4ACDD28AFB6C9639DDEA10066E65F2A20A03A63A0611D45AF396
                                                                                                                              SHA-512:90D877E4C6658205F55B3CF2386201EE1CC3928136EB483C475B37DB6DBA8DD8B675E64F9E2B3ECCBE5558F982D9115140B82938E2E57A9A304EA114D0C3CCD1
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="635783" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:Certificate, Version=3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1716
                                                                                                                              Entropy (8bit):7.596259519827648
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                              MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                              SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                              SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                              SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                              Malicious:false
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):727
                                                                                                                              Entropy (8bit):7.564000535421715
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:5onfZKc5RlRtBfQ0wqsV+nrKphji7tvNHHw4EwLSoN8yIt7DLzgnqJnaGn:5iQcdZ7ljCgvdQJYSLh78noaG
                                                                                                                              MD5:87C44115E57665888B102ECD3F2FB4A5
                                                                                                                              SHA1:A82C98DE2FFFB14C0FE6E18F7F8F12642F691143
                                                                                                                              SHA-256:9369934B9EF59D8F9B3ADE45D945E87BD7676E45114B9005DD458A970D3A561B
                                                                                                                              SHA-512:8CC4B9D7BAB588B6D5A6068C44412517F08FC80B3816CC1DF0298F26511C01943217AE89F5EBD5E7298D6045291E07F73FB7FE499CCB0E7D2191D41C91041A8C
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:Certificate, Version=3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1428
                                                                                                                              Entropy (8bit):7.688784034406474
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                              MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                              SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                              SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                              SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):340
                                                                                                                              Entropy (8bit):3.5320291593118522
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:kKHW8OsG7DNfUN+SkQlPlEGYRMY9z+s3Ql2DUeXJlOW1:vW1FLkPlE99SCQl2DUeXJlOA
                                                                                                                              MD5:21655886162FED2B8AF2F090FD33FEB6
                                                                                                                              SHA1:DB18572DAED0ED42D9A4219EC6361A0E7EF6BA76
                                                                                                                              SHA-256:78B63C7607EA56D3C24D95578692A40971842C9536871C4E962315F77E7662AE
                                                                                                                              SHA-512:E5AA33A86EBC9A662AFAB0376699BE014D342469608388D6C116D7CE315056D5D4181677D87A3644ECDEC9744D01404746875DCCF5162213EE7A212DB9F4D0BF
                                                                                                                              Malicious:false
                                                                                                                              Preview:p...... .........>..0S..(.................................................G.OQ.. ........~..MG......&.....6.........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".0.6.c.f.c.c.5.4.d.4.7.d.b.1.:.0."...
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):308
                                                                                                                              Entropy (8bit):3.2220888806886414
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:kKMAzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:kLtWOxSW0P3PeXJUZY
                                                                                                                              MD5:46E68C14D5DC8AFFE7F071D40E09360F
                                                                                                                              SHA1:F8226F2C6573B7D144255ACAAC5B72320A3492DE
                                                                                                                              SHA-256:E4834B6100630FC229A37B1100F66EFE415D33C69E0F2D30AFEAB11B2BF548FA
                                                                                                                              SHA-512:B8F24914152B26DB499D9EDCBDF71CD6BC23D103F57B1DE537A11AFCD628DF3A4FF92EAC414A072E76D5C759C705A64DD52882E328A058043D6B2F44A13D8D89
                                                                                                                              Malicious:false
                                                                                                                              Preview:p...... ........K.5.UQ..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):412
                                                                                                                              Entropy (8bit):3.956031372596048
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:kKDbEii46za4oQfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:c54ybmxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                              MD5:DAC960D3BA2A53B203CEC2CF8ABA1443
                                                                                                                              SHA1:782A90BBFBA01215A03DB8BA3695DD9C66CE289C
                                                                                                                              SHA-256:52E5740B469DEE28EBA186BE0AF6D8D9373CC33F6750C2491D33E2DD531E94D9
                                                                                                                              SHA-512:C5054A267142813C35B05E44BA29ED115ADC353A5F6797DDDB54B7835E18B7589B018EE45C78CC374C73B0FB71237D652CEB91802FD4F77FEEBFBE9167B9C26E
                                                                                                                              Malicious:false
                                                                                                                              Preview:p...... ....(.......AQ..(.................Qd.P....5.3V....................5.3V.. ........2V..P.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):254
                                                                                                                              Entropy (8bit):3.045024851223198
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:kK15LDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:t5LYS4tWOxSW0PAMsZp
                                                                                                                              MD5:1E76CB6750A36EC0FC0F7D7E03645F2F
                                                                                                                              SHA1:E661452841EC37837790DA325EF81669CFB961EA
                                                                                                                              SHA-256:F409C46A0479A717D0BE669F30D5979CE8EFC9FD75E91A35FCE34761387265BE
                                                                                                                              SHA-512:8DC77C84ED07E1252E99692BAFD1248E71FF9B0A3BF8B94FBEF450D5FA066FAB12BF98CE7FE8B825A58B86F8CA2225F492F9B731A026A188DB263F5E4B7D00C8
                                                                                                                              Malicious:false
                                                                                                                              Preview:p...... ....l...1F..2Q..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):25496
                                                                                                                              Entropy (8bit):5.466152625011584
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Llq5gYGo26tX9DkX9R/QPIBM7YE0tQlniloAqRoblzu/:LsOq26tX9DkX9R/QPI+0ER+blz8
                                                                                                                              MD5:82E0830034A8CC9BFDF190EA2304E28B
                                                                                                                              SHA1:5132F2326AF7CEFCE36DD503D2267550FC68FBC5
                                                                                                                              SHA-256:99B39E2D0F6984F4648CCDF4FA8C0F0337B5D0C0AAE5C7CD9A6E6227F1B94029
                                                                                                                              SHA-512:9A15D936AE481E41F9D4477E7CE4E20897F77C37BDABCF2D23CF4BDDD92451A0B73F9B88EAFEF053B42547B26244F60BBEC025533D99B2E9DA6DAD15FE983C7B
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17866
                                                                                                                              Entropy (8bit):5.954687824833028
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                              MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                              SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                              SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                              SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3452
                                                                                                                              Entropy (8bit):4.213889666341333
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:ttkJ3uWWkneV+WwQXlmL4McwouGMJzIhIYX:ve3CJUUMcjL2wf
                                                                                                                              MD5:847FFF10436059BD703FC52C96E731DD
                                                                                                                              SHA1:03D185ECAC18AF2E27606B278E621641BDA9CA33
                                                                                                                              SHA-256:D381F33FC52A195E30B5515E36944C8328DD3AD1864D9FBD181AD76CB400BE8E
                                                                                                                              SHA-512:47E47247818EF7DEBF730FACF519C6200AC9300DFBC80A44C11AE3ED292FF6DA1B9663F61971182A4F2EAED1EAA0A0B3200020E457BF7EA6A7C780D49D6FF6F9
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1216
                                                                                                                              Entropy (8bit):5.1303806593325705
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                              MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                              SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                              SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                              SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5260
                                                                                                                              Entropy (8bit):3.9040776359247884
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:vNq6R84N9eV+Ww7mkgOr2WAXezoZkv4awnjIbm:7R84UJCglF6Yjd
                                                                                                                              MD5:5F9792669806DD22E67068E9D794B365
                                                                                                                              SHA1:6098F447A5ABFC24125667E5C6ED9BE5F507DF81
                                                                                                                              SHA-256:BE2942B7B4FD0D02CE2DD51D46426BFB46BABDE4DBA2ACC3840BC0EFD0DDE449
                                                                                                                              SHA-512:E52B0F1ABD381AD406FC8F25CDCCBD407FD480A6EE4B1A34EA812AD7BEC90501916F5BD5CB6452973CED75CDF7D1F24BD2DBAEDC838A51D11ACE1D99F08BAC09
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1982
                                                                                                                              Entropy (8bit):5.057585371364542
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                              MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                              SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                              SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                              SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):6588
                                                                                                                              Entropy (8bit):4.013373195575324
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:pMmxWJeV+WwwU8WpiVppqT+NSw/dNY655bN1ksJqi/D5:txZJwpiHpWgR86zbIw75
                                                                                                                              MD5:C4A383203348475E30BBCEF41524D6AD
                                                                                                                              SHA1:C8A1449E268701B9E3A725F5D4A85446AFC00C19
                                                                                                                              SHA-256:0DD88485AF14DCC6678379B6278938588B4647067E1322AD494F7257E810D158
                                                                                                                              SHA-512:D4017FAC7CAD4EF2B923C124A72DE0D88C88C465F079E0989AC799BB1AEEBC43D0B4245BE20D7EC40563DA24418BF749758E19249176A7040FA5D800872BD176
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2573
                                                                                                                              Entropy (8bit):5.026361555169168
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                              MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                              SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                              SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                              SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3032
                                                                                                                              Entropy (8bit):4.880867857138218
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:NMQScyhgye6S+9oww7g47Jw+f7iI++5dFkEM6Vbjft3nwbb:NXScy/eV+WwwnJwOiMRkbort3nEb
                                                                                                                              MD5:AE03D8E98EEEBB4D0107318ED13A3459
                                                                                                                              SHA1:951F11459219B69C6C112450B28A74CB16CFB795
                                                                                                                              SHA-256:297B435C0B3A28EAE962B74522358984CDEAB2E8FC54EE31026BD056402E4D8E
                                                                                                                              SHA-512:12156C9AAB58642A1B012EEEE9A1F601827F349FCCA2BD7547EF7BA88D2B8B289B21F985DB28D5A32509998163425967A6E71D56D4A1A960C0D421BF5E603F0D
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1041
                                                                                                                              Entropy (8bit):5.147328807370198
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                              MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                              SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                              SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                              SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14612
                                                                                                                              Entropy (8bit):5.715093491455728
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:rWh4+8n9q5s6VHoY8s8oXN8s8oTN2x2QPIlFDLhEDh7BqWoDOs:rWk9qS6VTX9dX9R/QPIBM7YDb
                                                                                                                              MD5:5CCE8A49A916408516D3886E027FF0C3
                                                                                                                              SHA1:CAECED391B411D23525104D91E66C0067864D7CE
                                                                                                                              SHA-256:60B9D580548574E727BB29F4B869C0B7F08F15BD971A42AFDCF71522AA0B4F6C
                                                                                                                              SHA-512:94E48A93C4A74549CEA8A0A9DC28570B8179D9969630880C034FCEFD7416E019F265A0CC5A9700B225CB80912D64AA44743424AAACED45C966B6ACEFD48A31B2
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):147976
                                                                                                                              Entropy (8bit):5.699150757460175
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:0aNYcT51/FXvMVNWfCXq9ymdrpErpErpXm2o9HuzhJOvP:0dcfiVITrpErpErpXmt8vOvP
                                                                                                                              MD5:B7DEB98212080D0214AD779A9446FF09
                                                                                                                              SHA1:05FAD5E8F0131FB5DD9D6EFA8F879E8FA684B569
                                                                                                                              SHA-256:C8DC03F64AA8D794D5A763B4260C18967267B7E9C55E1BE8D0ECCF5107C9D49A
                                                                                                                              SHA-512:7F93A5DF3A29312518CE188DBD72B987FD5B99DB58C4E8ACC7FF9677907B1B74F2126A6D4FD1DEF4FE136649D5690EB3EBFE739D57299C0A6E4E5EA7DB1C74E2
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4428
                                                                                                                              Entropy (8bit):4.71285177086219
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:KQKXCD5v+1DgHe6S+9ow87gFW75uv93OlTRjZ2z+CEFdUQkoDprOaJCf:KvXzAeV+Ww8U45u9IThSEFrkoNOrf
                                                                                                                              MD5:270B0F4585927F1B35291C488B614726
                                                                                                                              SHA1:3344C9811A23E50483CCA6B46C4BB1C505120560
                                                                                                                              SHA-256:02C94EDF1E79D7EF3119857F3754FF7545879CE2F64FDAD0C0C722BD07B519C4
                                                                                                                              SHA-512:19ACBE80027F748BD6541A5D2CBBA45B33B46FC3E206B6776330606F3929F16C0FC546F4A15F1F06D9319A65A67CD9C32573F81B9C8B129E985C7D0E76A18090
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1636
                                                                                                                              Entropy (8bit):5.084538887646832
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                              MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                              SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                              SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                              SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):95520
                                                                                                                              Entropy (8bit):6.505346220942731
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                              MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                              SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                              SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                              SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: statsment.exe, Detection: malicious, Browse
                                                                                                                              • Filename: , Detection: malicious, Browse
                                                                                                                              • Filename: , Detection: malicious, Browse
                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                              • Filename: setup.msi, Detection: malicious, Browse
                                                                                                                              • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious, Browse
                                                                                                                              • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious, Browse
                                                                                                                              • Filename: pzPO97QouM.exe, Detection: malicious, Browse
                                                                                                                              • Filename: pzPO97QouM.exe, Detection: malicious, Browse
                                                                                                                              • Filename: statments.exe, Detection: malicious, Browse
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):61216
                                                                                                                              Entropy (8bit):6.31175789874945
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                              MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                              SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                              SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                              SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: statsment.exe, Detection: malicious, Browse
                                                                                                                              • Filename: , Detection: malicious, Browse
                                                                                                                              • Filename: , Detection: malicious, Browse
                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                              • Filename: setup.msi, Detection: malicious, Browse
                                                                                                                              • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious, Browse
                                                                                                                              • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious, Browse
                                                                                                                              • Filename: pzPO97QouM.exe, Detection: malicious, Browse
                                                                                                                              • Filename: pzPO97QouM.exe, Detection: malicious, Browse
                                                                                                                              • Filename: statments.exe, Detection: malicious, Browse
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):266
                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):266
                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):81696
                                                                                                                              Entropy (8bit):5.862223562830496
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                              MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                              SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                              SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                              SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):266
                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):548864
                                                                                                                              Entropy (8bit):6.031251664661689
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                              MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                              SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                              SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                              SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1721856
                                                                                                                              Entropy (8bit):6.639136400085158
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                              MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                              SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                              SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                              SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):601376
                                                                                                                              Entropy (8bit):6.185921191564225
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                              MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                              SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                              SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                              SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                              Malicious:false
                                                                                                                              Yara Hits:
                                                                                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):197120
                                                                                                                              Entropy (8bit):6.58476728626163
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                              MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                              SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                              SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                              SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):652
                                                                                                                              Entropy (8bit):4.646296001566109
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:rHy2DLI4MWonY6c/KItfU49cAjUPDLm184c7eA7d5TlO5FMDKt5cFqu+HIR:zHE4rbM2xjU7M8LD7DTlcFq0qEIR
                                                                                                                              MD5:8B45555EF2300160892C25F453098AA4
                                                                                                                              SHA1:0992EBA6A12F7A25C1F50566BEEB3A72D4B93461
                                                                                                                              SHA-256:75552351B688F153370B86713C443AC7013DF3EE8FCAC004B2AB57501B89B225
                                                                                                                              SHA-512:F99FF9A04675E11BAF1FD2343AB9CE3066BAB32E6BD18AEA9344960BF0A14AF8191DDCCA8431AD52D907BCB0CB47861FFB2CD34655F1852D51E04ED766F03505
                                                                                                                              Malicious:false
                                                                                                                              Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....4..2...n_Q2T}........Z...5...........0A.p.p.l.i.c.a.t.i.o.n.D.i.r.e.c.t.o.r.y.N.a.m.e..... A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e.....2B.l.a.n.k.M.o.n.i.t.o.r.M.e.s.s.a.g.e.F.o.r.m.a.t.....RE.n.d.P.o.i.n.t.S.t.a.t.u.s.S.l.e.e.p.i.n.g.F.o.r.F.r.e.e.L.i.c.e.n.s.e.T.i.t.l.e.F...FS.e.s.s.i.o.n.I.n.v.a.l.i.d.S.e.s.s.i.o.n.D.e.l.e.t.e.d.M.e.s.s.a.g.e.t.....Support..Support.2Software is Updating.Do not turn off your computer.,Not enough data receiving from host computer..Removed
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21018
                                                                                                                              Entropy (8bit):7.841465962209068
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:rcoN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dH:P4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bd
                                                                                                                              MD5:EF6DBD4F9C3BB57F1A2C4AF2847D8C54
                                                                                                                              SHA1:41D9329C5719467E8AE8777C2F38DE39F02F6AE4
                                                                                                                              SHA-256:0792210DE652583423688FE6ACAE19F3381622E85992A771BF5E6C5234DBEB8E
                                                                                                                              SHA-512:5D5D0505874DC02832C32B05F7E49EAD974464F6CB50C27CE9393A23FF965AA66971B3C0D98E2A4F28C24147FCA7A0A9BFD25909EC7D5792AD40CED7D51ED839
                                                                                                                              Malicious:false
                                                                                                                              Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......jF.1P)..../._.ks`.k.`.k.M6pb.......'...........w.......P...1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6..'..(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2..1..0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2..;..,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6..E..6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.xO.. .....PNG........IHDR...-...-.....:......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...:...:..d.J...NIDATX...{pT.......$\..................h.m+Z.....I.R.... X.E...V+.^.......i...F.;..IDH..?.l. ..S.qxg2...}.../.y.......r1E..?......*.K[...D.../L....u..n....$!R..Jh...?.dSUX..*.V%..Jy.-.
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):50133
                                                                                                                              Entropy (8bit):4.759054454534641
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                                                                              MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                              SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                              SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                              SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26722
                                                                                                                              Entropy (8bit):7.7401940386372345
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                              MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                              SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                              SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                              SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                              Malicious:false
                                                                                                                              Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)...s^.J.....E.....(....jF.C...1P)...H..../..72J..I.J.a.K8c._.ks`.k.`.kK..m.M6p............b...P...........'...!...............K...............w.......P.......1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6.;...(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2.....0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2.8...,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6.....6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.4...6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.:...DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.xb..*B.l.a.n.k.M.o.n.i.t.o.r.T.e.x.t.C.o.l.o.r..b..*D.a.r.k.T.h.e.m.e.B.a.r.B.a.s.e.C.o.l.o.r..b..<D.a.r.k.T.h.
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3343
                                                                                                                              Entropy (8bit):4.771733209240506
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHlHgHyHNHtH29PtxA2oFHX:opPN
                                                                                                                              MD5:9322751577F16A9DB8C25F7D7EDD7D9F
                                                                                                                              SHA1:DC74AD5A42634655BCBA909DB1E2765F7CDDFB3D
                                                                                                                              SHA-256:F1A3457E307D721EF5B63FDB0D5E13790968276862EF043FB62CCE43204606DF
                                                                                                                              SHA-512:BB0C662285D7B95B7FAA05E9CC8675B81B33E6F77B0C50F97C9BC69D30FB71E72A7EAF0AFC71AF0C646E35B9EADD1E504A35D5D25847A29FD6D557F7ABD903AB
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):559
                                                                                                                              Entropy (8bit):5.0448320295966615
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOaquE3x/vXbAa3xT:2dL9hK6E46YPNZvH
                                                                                                                              MD5:713626784C50E7C27323899881097A75
                                                                                                                              SHA1:AF0DB28BAB5FDB9C19D3AF033C0C68C92EB550F8
                                                                                                                              SHA-256:0F4EB44A669BBBD3D26556C1054EC5C6FBABD766011737F5BF4F0CD3DE1FADE1
                                                                                                                              SHA-512:71D1BB760F1DAF0699BC494ABDD095D5ABC1BD5B2B763DD3C74831E18CFB3E8D82D1FD8924637B2210B60085233B41510D46A9B3B418F5FE6DAEB9557BAD9D0B
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>wickgrip9.top=176.97.123.103-17%2f12%2f2024%2021%3a21%3a23</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):559
                                                                                                                              Entropy (8bit):5.045119383662695
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOaquE3B/vXbAa3xT:2dL9hK6E46YPNpvH
                                                                                                                              MD5:402379EEBC8CAB123D66EE245E48C86F
                                                                                                                              SHA1:359C80E0FA5F46A526ADC1A2B0CED3FE00555280
                                                                                                                              SHA-256:9F0D311CF33289F29C95FAF55B27DAAD537B271161502D44E36AE4DA9127A680
                                                                                                                              SHA-512:B86541E344F6BF7116756CDF82379AA2F27162A21138AF0B970F1A4157A5CE776052EF1761D35FA40FC7D89582C2AEC664D9DB0A7B2B45D0E6263F8B9257FD95
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>wickgrip9.top=176.97.123.103-17%2f12%2f2024%2021%3a21%3a30</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):559
                                                                                                                              Entropy (8bit):5.046880772043401
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOaquE3ye/vXbAa3xT:2dL9hK6E46YPNyEvH
                                                                                                                              MD5:D474672FEDABD498638EF197473251C8
                                                                                                                              SHA1:777B905E3B32816B27F8CDCD1534F1E6A415E78B
                                                                                                                              SHA-256:D805D745D85D9CCFEC91606E510655258606A616597F93CC0D4351E2043A5A75
                                                                                                                              SHA-512:0AAC1275193AFF459029DA5FD0C03D47DCF6DD1F83E66091FDAE87F782B27CBFC9543FA37C4B01C4DD8EFECA22960E3A22C2CB8301DE4D2D91003CE4745ECD14
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>wickgrip9.top=176.97.123.103-17%2f12%2f2024%2021%3a21%3a18</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):559
                                                                                                                              Entropy (8bit):5.048293690479899
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOaquE3J/vXbAa3xT:2dL9hK6E46YPNhvH
                                                                                                                              MD5:8D8BED09E0D9E270D6491AC2D1B1591B
                                                                                                                              SHA1:1289138B9D31A11377B38B394CB01800CF747F2D
                                                                                                                              SHA-256:B5F5A141706359ADDA8B5CC96FCEF4EA6EC50F66B9776FD9C20AD3CE42BFE00D
                                                                                                                              SHA-512:26AA4A51F810A7D28346652ABAACE30D6FA32470AB75931DD9E8B1EB10F5D0842F0600BBF61A56E2BE9A4C3E71ACC76F13C17CC7595B7856B2D7937E03B9D04B
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>wickgrip9.top=176.97.123.103-17%2f12%2f2024%2021%3a21%3a38</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):559
                                                                                                                              Entropy (8bit):5.046003804251499
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOaquE3+05/vXbAa3xT:2dL9hK6E46YPN9RvH
                                                                                                                              MD5:0A73D20F3033DBC20E21675247D6A4BC
                                                                                                                              SHA1:E0049B021A388D5BDDDB63E62303C1CEA0A8B63D
                                                                                                                              SHA-256:1879AC087BAC356C0ECA93DEF7BC816585BFDA04C8CC7C3B76D1406ECE8210E9
                                                                                                                              SHA-512:2563C12D62C929230113DECE4FA2CE0C3C3907EFA216ABA28A3992E14D78E7BE0D8AC014EDD01C1A90AC1FFF0E7A1356228A7C79D13938F36910538D22E79D5A
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>wickgrip9.top=176.97.123.103-17%2f12%2f2024%2021%3a21%3a14</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):559
                                                                                                                              Entropy (8bit):5.0448320295966615
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOaquE3FQv/vXbAa3xT:2dL9hK6E46YPNFGvH
                                                                                                                              MD5:70E2B4A4DD13ADBDA4E8602E76E9AF83
                                                                                                                              SHA1:C0C974756C1D4ED9EA84888BB0AC8FDDCD6C75C7
                                                                                                                              SHA-256:A25D09D6A781CDFFF7281F22A7E6B5FEC22188BDE226C8A8540BF062714D64AC
                                                                                                                              SHA-512:A827BC3D072963272797D0A4E460D30ABC8672ED1FC38D8DB4A027B336B2647CCC49CEDBEF99000E1C9271D0A8F5791CFB4ED75E90215EC1C4DB0D0D9EF6157A
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>wickgrip9.top=176.97.123.103-17%2f12%2f2024%2021%3a22%3a07</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):559
                                                                                                                              Entropy (8bit):5.047936390050167
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOaquE3l/vXbAa3xT:2dL9hK6E46YPNtvH
                                                                                                                              MD5:4830C8E0BEFF3BF1A437D628357FAEB1
                                                                                                                              SHA1:4356E2ADC84ECA435A87F0FF758C248084748A17
                                                                                                                              SHA-256:E77056820251EBD7E23392D29D0E648BECA36B0F91F68C0A98DA614B56144525
                                                                                                                              SHA-512:B91683FC26B45A9329423E41F80EEAE85129B14BFB03F54DDB7036E07B8CF2F09C3864228D62C5FF1C27B76102F9C2AC35A594AC9013D267292009CECDF1E27D
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>wickgrip9.top=176.97.123.103-17%2f12%2f2024%2021%3a21%3a49</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):559
                                                                                                                              Entropy (8bit):5.046003804251499
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOaquE3+05/vXbAa3xT:2dL9hK6E46YPN9RvH
                                                                                                                              MD5:0A73D20F3033DBC20E21675247D6A4BC
                                                                                                                              SHA1:E0049B021A388D5BDDDB63E62303C1CEA0A8B63D
                                                                                                                              SHA-256:1879AC087BAC356C0ECA93DEF7BC816585BFDA04C8CC7C3B76D1406ECE8210E9
                                                                                                                              SHA-512:2563C12D62C929230113DECE4FA2CE0C3C3907EFA216ABA28A3992E14D78E7BE0D8AC014EDD01C1A90AC1FFF0E7A1356228A7C79D13938F36910538D22E79D5A
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>wickgrip9.top=176.97.123.103-17%2f12%2f2024%2021%3a21%3a14</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):68096
                                                                                                                              Entropy (8bit):6.068776675019683
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                              MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                              SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                              SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                              SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):1662
                                                                                                                              Entropy (8bit):5.368796786510097
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:M1H2HKQ71qHGIs0HKGAHKKkKYHKGSI6oPtHTH+JHvHlu:gWq+wmj0qxqKkKYqGSI6oPtzHIPQ
                                                                                                                              MD5:F133699E2DFF871CA4DC666762B5A7FF
                                                                                                                              SHA1:185FC7D230FC1F8AFC9FC2CF4899B8FFD21BCC57
                                                                                                                              SHA-256:9BA0C7AEE39ACD102F7F44D289F73D94E2FD0FCD6005A767CD63A74848F19FC7
                                                                                                                              SHA-512:8140CDCE2B3B92BF901BD143BFC8FB4FE8F9677036631939D30099C7B2BB382F1267A435E1F5C019EFFFF666D7389F77B06610489D73694FA31D16BD04CAF20A
                                                                                                                              Malicious:false
                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with very long lines (522), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14194
                                                                                                                              Entropy (8bit):3.8016981441434288
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:nFQsGtsIpUa4FQsGtsI1xj9FQsGtsILFLEv:+jTpUqjT1xjwjTZA
                                                                                                                              MD5:1C85B58840E44C3F145700E9A7DF3C61
                                                                                                                              SHA1:4573C5A1C670B38D381F97B9895C66CE4C146FC7
                                                                                                                              SHA-256:ACB95E4770D6F7895BB33E2494585D41E0D1DED6F5CC2A477728E45064CBC12B
                                                                                                                              SHA-512:5A4FC7E124A3C726072A0585091A1A5C6ACA75C4E43ED001B8B808B713F53D45E171441B7EE43BDF4BBDB0FF49097744353B48815DDF373CCAAB6F1379DE7AA3
                                                                                                                              Malicious:false
                                                                                                                              Preview:..P.L.A.T.F.O.R.M. .V.E.R.S.I.O.N. .I.N.F.O.......W.i.n.d.o.w.s. .......:. .1.0...0...1.9.0.4.5...0. .(.W.i.n.3.2.N.T.).......C.o.m.m.o.n. .L.a.n.g.u.a.g.e. .R.u.n.t.i.m.e. ...:. .4...0...3.0.3.1.9...4.2.0.0.0.......S.y.s.t.e.m...D.e.p.l.o.y.m.e.n.t...d.l.l. .....:. .4...8...4.2.7.0...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.C.......c.l.r...d.l.l. .......:. .4...8...4.5.1.5...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.C.......d.f.d.l.l...d.l.l. .......:. .4...8...4.2.7.0...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.C.......d.f.s.h.i.m...d.l.l. .......:. .1.0...0...1.9.0.4.1...3.0.0.0.0. .(.W.i.n.B.u.i.l.d...1.6.0.1.0.1...0.8.0.0.).........S.O.U.R.C.E.S.......D.e.p.l.o.y.m.e.n.t. .u.r.l.......:. .h.t.t.p.s.:././.m.o.l.a.t.o.r.i.p.r.o...i.c.u./.B.i.n./.S.c.r.e.e.n.C.o.n.n.e.c.t...C.l.i.e.n.t...a.p.p.l.i.c.a.t.i.o.n.?.h.=.w.i.c.k.g.r.i.p.9...t.o.p.&.p.=.8.8.8.0.&.k.=.B.g.I.A.A.A.C.k.A.A.B.S.U.0.E.x.A.A.g.A.A.A.E.A.A.Q.D.F.v.H.7.d.g.n.5.9.O.3.9.3.0.p.S.6.6.I.D.
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):147976
                                                                                                                              Entropy (8bit):5.699150757460175
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:0aNYcT51/FXvMVNWfCXq9ymdrpErpErpXm2o9HuzhJOvP:0dcfiVITrpErpErpXmt8vOvP
                                                                                                                              MD5:B7DEB98212080D0214AD779A9446FF09
                                                                                                                              SHA1:05FAD5E8F0131FB5DD9D6EFA8F879E8FA684B569
                                                                                                                              SHA-256:C8DC03F64AA8D794D5A763B4260C18967267B7E9C55E1BE8D0ECCF5107C9D49A
                                                                                                                              SHA-512:7F93A5DF3A29312518CE188DBD72B987FD5B99DB58C4E8ACC7FF9677907B1B74F2126A6D4FD1DEF4FE136649D5690EB3EBFE739D57299C0A6E4E5EA7DB1C74E2
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):197120
                                                                                                                              Entropy (8bit):6.58476728626163
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                              MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                              SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                              SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                              SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1041
                                                                                                                              Entropy (8bit):5.147328807370198
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                              MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                              SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                              SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                              SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):68096
                                                                                                                              Entropy (8bit):6.068776675019683
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                              MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                              SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                              SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                              SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1636
                                                                                                                              Entropy (8bit):5.084538887646832
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                              MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                              SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                              SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                              SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):95520
                                                                                                                              Entropy (8bit):6.505346220942731
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                              MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                              SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                              SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                              SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):548864
                                                                                                                              Entropy (8bit):6.031251664661689
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                              MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                              SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                              SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                              SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1216
                                                                                                                              Entropy (8bit):5.1303806593325705
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                              MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                              SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                              SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                              SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1721856
                                                                                                                              Entropy (8bit):6.639136400085158
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                              MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                              SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                              SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                              SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1982
                                                                                                                              Entropy (8bit):5.057585371364542
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                              MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                              SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                              SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                              SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):61216
                                                                                                                              Entropy (8bit):6.31175789874945
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                              MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                              SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                              SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                              SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):266
                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):601376
                                                                                                                              Entropy (8bit):6.185921191564225
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                              MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                              SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                              SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                              SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):266
                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2573
                                                                                                                              Entropy (8bit):5.026361555169168
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                              MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                              SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                              SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                              SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17866
                                                                                                                              Entropy (8bit):5.954687824833028
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                              MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                              SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                              SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                              SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                              Malicious:false
                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):81696
                                                                                                                              Entropy (8bit):5.862223562830496
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                              MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                              SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                              SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                              SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):266
                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):87
                                                                                                                              Entropy (8bit):3.463057265798253
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:/lqlhGXKRjgjkFmURueGvx2VTUz:4DRPAx2Kz
                                                                                                                              MD5:D2DED43CE07BFCE4D1C101DFCAA178C8
                                                                                                                              SHA1:CE928A1293EA2ACA1AC01B61A344857786AFE509
                                                                                                                              SHA-256:8EEE9284E733B9D4F2E5C43F71B81E27966F5CD8900183EB3BB77A1F1160D050
                                                                                                                              SHA-512:A05486D523556C75FAAEEFE09BB2F8159A111B1B3560142E19048E6E3898A506EE4EA27DD6A4412EE56A7CE7C21E8152B1CDD92804BAF9FAC43973FABE006A2F
                                                                                                                              Malicious:false
                                                                                                                              Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.
                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1835008
                                                                                                                              Entropy (8bit):4.4654366176242295
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:0IXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNXdwBCswSb7:JXD94+WlLZMM6YFHp+7
                                                                                                                              MD5:2C4BFA1110EE9B677282DF0CAFF8F152
                                                                                                                              SHA1:8C326D18F95801DCAB60D393938BED89F6197FE0
                                                                                                                              SHA-256:9B2AFC72BC1BB39581B385AFB19778ABEC52BD44AD802518A41E0B96FB0B5004
                                                                                                                              SHA-512:F1735FB4F3633A7A3D8CE4889340D8CDAFBDE3E4F1860EC455E3C017A112190D2AA737850D55BF8900863EC9A33386A68E53B0535D2DDCF54C8F0E6D4DAAD366
                                                                                                                              Malicious:false
                                                                                                                              Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.Ee{.P................................................................................................................................................................................................................................................................................................................................................rO........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Entropy (8bit):6.518791259670077
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                              File name:support.Client.exe
                                                                                                                              File size:83'168 bytes
                                                                                                                              MD5:ee1ec692c5f029ef3aaa57ab58db0f8c
                                                                                                                              SHA1:2fe849e27f98256e374a7b0ee1f9ccbbf68b9080
                                                                                                                              SHA256:71f723ce0a753c9a34ecf467a7e896daf19ac4e5e53d90200af2c15d6325f4f6
                                                                                                                              SHA512:25486b1cf2f856a1557d010ae42e54a39c6431316c4ce74b2a9f080f136ecae641bc6b9677a816cf817fd33b63bb1b72885f6d81ded05f75cc71127d32c53535
                                                                                                                              SSDEEP:1536:ixoG6KpY6Qi3yj2wyq4HwiMO10HVLCJRpsWr6cdaxPBJYY37OxDy:AenkyfPAwiMq0RqRfbaxZJYY39
                                                                                                                              TLSH:3B835C43B5D18875E9720D3118B1E9B4593FBE110EA48EAB3398427E0F351D19E3AE7B
                                                                                                                              Icon Hash:90cececece8e8eb0
                                                                                                                              Entrypoint:0x401489
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:true
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x66BBDDB2 [Tue Aug 13 22:26:58 2024 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:5
                                                                                                                              OS Version Minor:1
                                                                                                                              File Version Major:5
                                                                                                                              File Version Minor:1
                                                                                                                              Subsystem Version Major:5
                                                                                                                              Subsystem Version Minor:1
                                                                                                                              Import Hash:37d5c89163970dd3cc69230538a1b72b
                                                                                                                              Signature Valid:true
                                                                                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                              Error Number:0
                                                                                                                              Not Before, Not After
                                                                                                                              • 17/08/2022 01:00:00 16/08/2025 00:59:59
                                                                                                                              Subject Chain
                                                                                                                              • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                                                                                              Version:3
                                                                                                                              Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                                                                                              Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                                                                                              Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                                                                                              Serial:0B9360051BCCF66642998998D5BA97CE
                                                                                                                              Instruction
                                                                                                                              call 00007F53C107F37Ah
                                                                                                                              jmp 00007F53C107EE2Fh
                                                                                                                              push ebp
                                                                                                                              mov ebp, esp
                                                                                                                              push 00000000h
                                                                                                                              call dword ptr [0040B048h]
                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                              call dword ptr [0040B044h]
                                                                                                                              push C0000409h
                                                                                                                              call dword ptr [0040B04Ch]
                                                                                                                              push eax
                                                                                                                              call dword ptr [0040B050h]
                                                                                                                              pop ebp
                                                                                                                              ret
                                                                                                                              push ebp
                                                                                                                              mov ebp, esp
                                                                                                                              sub esp, 00000324h
                                                                                                                              push 00000017h
                                                                                                                              call dword ptr [0040B054h]
                                                                                                                              test eax, eax
                                                                                                                              je 00007F53C107EFB7h
                                                                                                                              push 00000002h
                                                                                                                              pop ecx
                                                                                                                              int 29h
                                                                                                                              mov dword ptr [004118C0h], eax
                                                                                                                              mov dword ptr [004118BCh], ecx
                                                                                                                              mov dword ptr [004118B8h], edx
                                                                                                                              mov dword ptr [004118B4h], ebx
                                                                                                                              mov dword ptr [004118B0h], esi
                                                                                                                              mov dword ptr [004118ACh], edi
                                                                                                                              mov word ptr [004118D8h], ss
                                                                                                                              mov word ptr [004118CCh], cs
                                                                                                                              mov word ptr [004118A8h], ds
                                                                                                                              mov word ptr [004118A4h], es
                                                                                                                              mov word ptr [004118A0h], fs
                                                                                                                              mov word ptr [0041189Ch], gs
                                                                                                                              pushfd
                                                                                                                              pop dword ptr [004118D0h]
                                                                                                                              mov eax, dword ptr [ebp+00h]
                                                                                                                              mov dword ptr [004118C4h], eax
                                                                                                                              mov eax, dword ptr [ebp+04h]
                                                                                                                              mov dword ptr [004118C8h], eax
                                                                                                                              lea eax, dword ptr [ebp+08h]
                                                                                                                              mov dword ptr [004118D4h], eax
                                                                                                                              mov eax, dword ptr [ebp-00000324h]
                                                                                                                              mov dword ptr [00411810h], 00010001h
                                                                                                                              Programming Language:
                                                                                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1060c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11800 | 0x2ce0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0xddc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xfe38 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfd78 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x13c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9cf8 | 0x9e00 | bae4521030709e187bdbe8a34d7bf731 | False | 0.6035650712025317 | data | 6.581464957368758 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xb000 | 0x5d58 | 0x5e00 | ec94ce6ebdbe57640638e0aa31d08896 | False | 0.4178025265957447 | Applesoft BASIC program data, first line number 1 | 4.843224204192078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x11000 | 0x11cc | 0x800 | 04a548a5c04675d08166d3823a6bf61b | False | 0.16357421875 | data | 2.0120795802951505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x13000 | 0x1e0 | 0x200 | aa256780346be2e1ee49ac6d69d2faff | False | 0.52734375 | data | 4.703723272345726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x14000 | 0xddc | 0xe00 | 908329e10a1923a3c4938a10d44237d9 | False | 0.7776227678571429 | data | 6.495696626464028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x13060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | LocalFree, GetProcAddress, LoadLibraryA, Sleep, LocalAlloc, GetModuleFileNameW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, CreateFileW
CRYPT32.dll | CertDeleteCertificateFromStore, CryptMsgGetParam, CertCloseStore, CryptQueryObject, CertAddCertificateContextToStore, CertFindAttribute, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenSystemStoreA
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-17T22:20:41.373466+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.64.1 | 443 | 192.168.2.4 | 49750 | TCP
2024-12-17T22:20:44.382472+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.64.1 | 443 | 192.168.2.4 | 49753 | TCP
2024-12-17T22:20:53.702721+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.64.1 | 443 | 192.168.2.4 | 49759 | TCP
2024-12-17T22:20:56.197531+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.64.1 | 443 | 192.168.2.4 | 49760 | TCP
2024-12-17T22:20:58.932550+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.64.1 | 443 | 192.168.2.4 | 49761 | TCP
2024-12-17T22:21:01.611329+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.64.1 | 443 | 192.168.2.4 | 49762 | TCP
2024-12-17T22:21:07.025259+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.64.1 | 443 | 192.168.2.4 | 49763 | TCP
2024-12-17T22:21:10.366662+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.64.1 | 443 | 192.168.2.4 | 49764 | TCP
                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Dec 17, 2024 22:20:27.686028004 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.690377951 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.699908018 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.700021982 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.700031996 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.700090885 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.704695940 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.704718113 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.704880953 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.709338903 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.711199045 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.711206913 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.718128920 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.718249083 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.718255997 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.718302011 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.726146936 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.726166964 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.726279020 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.730320930 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.730395079 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.738668919 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.738858938 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.747123957 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.747209072 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.751305103 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.751477957 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.759588003 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.759708881 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.767930031 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.768013000 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.776362896 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.776475906 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.780633926 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.780822992 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.790976048 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.791093111 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.886828899 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.886929989 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.891561031 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.891805887 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.897592068 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.897692919 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.900652885 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.900806904 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.906332970 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.906411886 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.912177086 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.912276983 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.914794922 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.914932966 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.920075893 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.920161963 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.925353050 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.925421000 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.925457954 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.925585032 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.925595999 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.925616980 CET44349732104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:27.925690889 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:27.934070110 CET49732443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:28.370666981 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:28.370702982 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:28.370785952 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:28.371033907 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:28.371047974 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:29.592875957 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:29.602616072 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:29.602634907 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.412339926 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.412488937 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.412549973 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:30.412575006 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.412664890 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.412709951 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:30.412717104 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.412832022 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.412878036 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:30.412883997 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.420324087 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.420393944 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:30.420402050 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.432336092 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.432414055 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:30.432424068 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.485410929 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:30.532006979 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.579166889 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:30.631773949 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.635658026 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.635711908 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:30.635729074 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.635977030 CET44349738104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:30.636024952 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:30.636632919 CET49738443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:38.929769993 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:38.929816008 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:38.929893017 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:38.930176020 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:38.930197001 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:40.147810936 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:40.176754951 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:40.176805019 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.096892118 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.097026110 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.097111940 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.097198963 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.097210884 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.097265959 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.097356081 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.097404003 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.097424030 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.097635031 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.104907990 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.105134010 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.105149031 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.113934040 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.114370108 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.114389896 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.157464981 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.157480955 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.204310894 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.217206955 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.266685009 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.288877010 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.292628050 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.292819977 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.292855978 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.303540945 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.303667068 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.303714037 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.303735018 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.308878899 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.311657906 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.319808960 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.327625036 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.327699900 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.327709913 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.327733040 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.327795029 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.335630894 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.339607000 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:41.339639902 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.343786001 CET44349750104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:41.343888044 CET49750443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.429266930 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.429310083 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.429374933 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.429414988 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.436466932 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.444843054 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.444904089 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.444921017 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.444968939 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.445014000 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.547908068 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.551975012 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.557703018 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.557732105 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.610479116 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.620268106 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.625580072 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.625663042 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.625720978 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.625739098 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.628416061 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.633647919 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.641793013 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.642759085 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.642792940 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.649554014 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.649630070 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.649650097 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.657690048 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.660682917 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.660710096 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.665608883 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.665678024 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.665685892 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.673605919 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.673669100 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.673691988 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.682027102 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.682101011 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.682122946 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.696099043 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.696211100 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.696237087 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.702810049 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.702886105 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.702894926 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.702920914 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.702975035 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.709458113 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.716295958 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.716375113 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.716403008 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.766885996 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.812220097 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.814527035 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.815676928 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.815723896 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.825432062 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.825445890 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.825515985 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.825560093 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.834664106 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.834759951 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.834768057 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.834799051 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.834851027 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.843919992 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.843947887 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.844005108 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.852910995 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.852933884 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.852982998 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.857619047 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.857640028 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.857712030 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.866772890 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.866794109 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.866833925 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.871589899 CET44349759104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.871948957 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.872304916 CET49759443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.885286093 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.885337114 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:53.885436058 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.885695934 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:53.885716915 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.102324009 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.157289028 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:55.198390007 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:55.198409081 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.929152966 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.929214954 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.929239988 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.929258108 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:55.929271936 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.929301023 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.929306984 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:55.929311991 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.929354906 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:55.937444925 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.949323893 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:55.949382067 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:55.949388027 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.001060963 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.001070976 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.047940969 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.048863888 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.094795942 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.094830036 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.124876022 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.125287056 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.125427961 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.125464916 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.127693892 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.130642891 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.138485909 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.139633894 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.139657974 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.146636963 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.148250103 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.148269892 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.153404951 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.155702114 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.155719042 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.161628008 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.165579081 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.165596008 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.175945044 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.176074028 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.176135063 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.176153898 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.176564932 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.183794975 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.191669941 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.191695929 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.191747904 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.191765070 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.191894054 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.197542906 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.207663059 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.211744070 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.211764097 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.266664982 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:20:56.266700029 CET44349760104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:20:56.313529015 CET49760443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.326004028 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.326067924 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.326093912 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.326119900 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.326253891 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.326280117 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.334290028 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.334352970 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.334367037 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.344851971 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.345614910 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.345638037 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.391676903 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.446038008 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.500987053 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.501004934 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.530328035 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.530400991 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.530407906 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.534239054 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.534281969 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.534286022 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.545480967 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.545572042 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.545577049 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.553662062 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.557635069 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.557652950 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.561743021 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.561817884 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.561821938 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.569716930 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.569794893 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.569798946 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.585983992 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.586015940 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.586065054 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.586071014 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.586107969 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.592477083 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.598887920 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.598933935 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.598992109 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.598997116 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.599035978 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.605061054 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.611407042 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.613574028 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.613584995 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.617726088 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.619685888 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.619689941 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.672884941 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.722459078 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.724915028 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.725009918 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.725064039 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.725076914 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.725119114 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.729821920 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.739768982 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.739778042 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.739850998 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.739857912 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.748707056 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.748769999 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.748785019 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.748823881 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.753216028 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.753269911 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.762259007 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.762264967 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.762326956 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.767347097 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.767354012 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.767416954 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.775942087 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.776035070 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.784867048 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.784974098 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.789462090 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.789526939 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.798525095 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.798649073 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.807506084 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.807569981 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.812124014 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.812191963 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.821100950 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.821173906 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.830092907 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.830159903 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.839075089 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.839253902 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.916821003 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.916964054 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.923954964 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.924127102 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.927422047 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.927517891 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.934103012 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.934200048 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.937227964 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.937299013 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.943653107 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.943717003 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.949708939 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.949786901 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.952754021 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.952832937 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.958705902 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.958939075 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.964318037 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.964442015 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.969945908 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.970027924 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.972910881 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.972985029 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.978406906 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.978477955 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.981329918 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.981393099 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.987082005 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.987152100 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.992629051 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.992705107 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:01.998439074 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:01.998563051 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.001312971 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.001396894 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.006934881 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.007019997 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.012614965 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.012768984 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.034475088 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.034631968 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.034643888 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.034687996 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.038407087 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.038486958 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.044142962 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.044224977 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.046968937 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.047039032 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.052654028 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.914879084 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.914906979 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.915004969 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.915041924 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.915077925 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.920938969 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.920957088 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.921066999 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.921106100 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.921144009 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.927217960 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.927236080 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.927356005 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.927386999 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.927428007 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.932898045 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.932915926 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.933022022 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.933048964 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.933088064 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.938211918 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.938227892 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.938299894 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:02.938313961 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:02.938369036 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.089232922 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.089258909 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.089404106 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.089433908 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.089483023 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.095510960 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.095532894 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.095629930 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.095649004 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.095690012 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.101741076 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.101763010 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.101845026 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.101874113 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.101914883 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.107218981 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.107242107 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.107347012 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.107369900 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.107413054 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.113198042 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.113214970 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.113281965 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.113289118 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.113325119 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.119534016 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.119585037 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.119755983 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.119764090 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.119827986 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.125330925 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.125379086 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.125410080 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.125417948 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.125452995 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.125469923 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.131494999 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.131537914 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.131589890 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.131597042 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.131618977 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.131638050 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.298665047 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.298698902 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.298856974 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.298881054 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.298974991 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.305634975 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.305660963 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.305763960 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.305774927 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.305819035 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.311069012 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.311084986 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.311189890 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.311198950 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.311233044 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.320954084 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.321002960 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.321050882 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.321058989 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.321105003 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.329446077 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.329490900 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.329552889 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.329571962 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.329581976 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.329613924 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.338905096 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.338954926 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.339047909 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.339060068 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.339075089 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.339098930 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.345374107 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.345441103 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.345496893 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.345504999 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.345582008 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.350851059 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.350915909 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.350944996 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.350965977 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.351157904 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.351195097 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.351479053 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.367381096 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.367505074 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.490740061 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.490768909 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.490864992 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.490894079 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.490906954 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.492549896 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.497889042 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.497919083 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.497999907 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.498030901 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.498065948 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.504007101 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.504029989 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.504077911 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.504089117 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.504122972 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.504566908 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.513756990 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.513787031 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.513824940 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.513837099 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.513864040 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.513870001 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.521740913 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.521825075 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.521828890 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.521856070 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.521884918 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.531579971 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.531610966 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:03.531652927 CET49762443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:03.531670094 CET44349762104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.600404978 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.600438118 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.600445986 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.600475073 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.600509882 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.600512028 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.600521088 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.600549936 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.600557089 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.608542919 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.608597994 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.608629942 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.617063999 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.617120981 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.617145061 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.657243967 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.657275915 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.704195976 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.792660952 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.796495914 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.796569109 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.796597958 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.804171085 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.804224014 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.804235935 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.812055111 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.812108040 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.812117100 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.819957018 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.820036888 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.820063114 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.827682972 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.827876091 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.827888012 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.835544109 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.835618019 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.835625887 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.843584061 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.843682051 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.843688965 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.851089001 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.851166010 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.851186991 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.866714954 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.866780996 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.866782904 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.866822958 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.866878033 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:06.874535084 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:06.922882080 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.025311947 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.027481079 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.027575016 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.027601957 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.042788982 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.042846918 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.043067932 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.043077946 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.043118954 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.050529003 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.058125973 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.058372021 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.058381081 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.073441982 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.073703051 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.073720932 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.073784113 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.081089973 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.081104994 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.081178904 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.088818073 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.088922024 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.088928938 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.103893995 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.104078054 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.104113102 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.104176998 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.111520052 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.111536026 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.111609936 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.126797915 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.126808882 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.126898050 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.142056942 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.142144918 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.150003910 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.150119066 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.165111065 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.165304899 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.220606089 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.220858097 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.226752043 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.226866007 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.238856077 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.239059925 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.250245094 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.250467062 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.255867958 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.255933046 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.266226053 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.266314983 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.276180983 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.276361942 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.285878897 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.285986900 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.290926933 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.291106939 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.297985077 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.298048019 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.298068047 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.300704956 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.300770044 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.300784111 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.300853968 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.306149960 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.306224108 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.311347008 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.311414003 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.316724062 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.316795111 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.319495916 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.319555998 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.324862003 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.324919939 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.330377102 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.330434084 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.332927942 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.332983971 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.436911106 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.437038898 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.438301086 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.438381910 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.441972971 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.442082882 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.446242094 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.446317911 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.450424910 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.450516939 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.454610109 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.454690933 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.456768036 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.456851006 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.460932970 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:07.461040974 CET49763443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:07.461055040 CET44349763104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.359601021 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.366509914 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.366615057 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.366621017 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.407272100 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.407279015 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.454145908 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.484035969 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.486358881 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.486433029 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.486464977 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.491260052 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.491341114 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.491364956 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.496176958 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.496345043 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.496352911 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.501002073 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.501064062 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.501070023 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.510150909 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.510217905 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.510226011 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.510287046 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.519088984 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.519098997 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.519177914 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.523614883 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.523686886 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.528198004 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.528223991 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.528291941 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.537456989 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.537467003 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.537528992 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.546086073 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.546185970 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.550632000 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.550703049 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.559760094 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.559849977 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.568620920 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.568701982 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.676130056 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.676315069 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.678009033 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.678071022 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.685471058 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.685535908 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.692821980 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.692923069 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.699692965 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.699755907 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.703147888 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.703226089 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.709804058 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.709866047 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.714030027 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.714112997 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.719839096 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.719901085 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.726469994 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.726528883 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.729908943 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.729993105 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.736362934 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.736440897 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.743010044 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.743074894 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.746483088 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.746545076 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.753165960 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.753360987 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.759785891 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.759849072 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.766324043 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.766386032 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.769639969 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.769700050 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.776443005 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.776519060 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.779808998 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.779874086 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.787899017 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.787977934 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.791326046 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.791430950 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.798012018 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.798109055 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.804586887 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.804723024 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.868705034 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.869020939 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.872524977 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.872606993 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.872622967 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.877844095 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.878034115 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.878046989 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.878139973 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.880722046 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.880865097 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.885742903 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.885984898 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.890753031 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.890806913 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.905018091 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.905029058 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.905106068 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.905113935 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.905145884 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.905189991 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.905189991 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.920363903 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.920409918 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.920439005 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.920447111 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.920567036 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.932332039 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.932374954 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.932432890 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.932432890 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.932476044 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.940032959 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.940076113 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.940149069 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.940149069 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.940160036 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.947171926 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.947221041 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.947257042 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.947264910 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.947300911 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.955476999 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.955518961 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:10.955605984 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.955605984 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:10.955615044 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:11.001522064 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:11.065989017 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:11.066047907 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:11.066195965 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:11.066212893 CET44349764104.21.64.1192.168.2.4
                                                                                                                              Dec 17, 2024 22:21:11.066257000 CET49764443192.168.2.4104.21.64.1
                                                                                                                              Dec 17, 2024 22:21:11.066323042 CET49764443192.168.2.4104.21.64.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 17, 2024 22:20:23.866486073 CET | 63030 | 53 | 192.168.2.4 | 1.1.1.1
Dec 17, 2024 22:20:24.282457113 CET | 53 | 63030 | 1.1.1.1 | 192.168.2.4
Dec 17, 2024 22:21:14.850569963 CET | 62863 | 53 | 192.168.2.4 | 1.1.1.1
Dec 17, 2024 22:21:15.385880947 CET | 53 | 62863 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 17, 2024 22:20:23.866486073 CET | 192.168.2.4 | 1.1.1.1 | 0x3c7c | Standard query (0) | molatoripro.icu | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:21:14.850569963 CET | 192.168.2.4 | 1.1.1.1 | 0x1c83 | Standard query (0) | wickgrip9.top | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 17, 2024 22:20:24.282457113 CET | 1.1.1.1 | 192.168.2.4 | 0x3c7c | No error (0) | molatoripro.icu |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:24.282457113 CET | 1.1.1.1 | 192.168.2.4 | 0x3c7c | No error (0) | molatoripro.icu |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:24.282457113 CET | 1.1.1.1 | 192.168.2.4 | 0x3c7c | No error (0) | molatoripro.icu |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:24.282457113 CET | 1.1.1.1 | 192.168.2.4 | 0x3c7c | No error (0) | molatoripro.icu |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:24.282457113 CET | 1.1.1.1 | 192.168.2.4 | 0x3c7c | No error (0) | molatoripro.icu |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:24.282457113 CET | 1.1.1.1 | 192.168.2.4 | 0x3c7c | No error (0) | molatoripro.icu |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:24.282457113 CET | 1.1.1.1 | 192.168.2.4 | 0x3c7c | No error (0) | molatoripro.icu |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:27.957787037 CET | 1.1.1.1 | 192.168.2.4 | 0xa797 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:27.957787037 CET | 1.1.1.1 | 192.168.2.4 | 0xa797 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:30.963125944 CET | 1.1.1.1 | 192.168.2.4 | 0x73c3 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 17, 2024 22:20:30.963125944 CET | 1.1.1.1 | 192.168.2.4 | 0x73c3 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:20:31.811297894 CET | 1.1.1.1 | 192.168.2.4 | 0x45d2 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 17, 2024 22:20:31.811297894 CET | 1.1.1.1 | 192.168.2.4 | 0x45d2 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:21:11.880451918 CET | 1.1.1.1 | 192.168.2.4 | 0xad6 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:21:11.880451918 CET | 1.1.1.1 | 192.168.2.4 | 0xad6 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 22:21:15.385880947 CET | 1.1.1.1 | 192.168.2.4 | 0x1c83 | No error (0) | wickgrip9.top |  | 176.97.123.103 | A (IP address) | IN (0x0001) | false
                                                                                                                              • molatoripro.icu
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:26 UTC | 532 | OUT | GET /Bin/ScreenConnect.Client.application?h=wickgrip9.top&p=8880&k=BgIAAACkAABSU0ExAAgAAAEAAQDFvH7dgn59O3930pS66IDDblNLBSZU3lQVwAjbyC7bFRQoA8pMp1lRt5orwzmTLGZrjelxjQwNnxTn5%2bwvxd9XBlzyDBqrlDJd8OU9Op34%2bQPJjh9hfpOSyBfsUqX75KVejGdxOmNzvkEZmTWJDuwYxdKlYjQ7908hykS24m8kNLZsCQdn2PZLHuU978kEGplUn6N%2f7j8w4a48JNHZxKo2K4eHXPXv0KrrcS0rhHCk%2fELvRZ8yPgPyb5dA0M2sav6yx%2bPRdDqnj%2bpbrFFNWp2F9VDxNX0apOBx4SALsyzlcWxoj8gCgQ80UdH7u1h53GPqMZo%2bCXS2SsruOQmYPtnP HTTP/1.1
                                                                                                                              Host: molatoripro.icu
                                                                                                                              Accept-Encoding: gzip
                                                                                                                              Connection: Keep-Alive
2024-12-17 21:20:27 UTC | 838 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Tue, 17 Dec 2024 21:20:27 GMT
                                                                                                                              Content-Type: application/x-ms-application; charset=utf-8
                                                                                                                              Content-Length: 147976
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: private
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZUD%2FQEu0Cwc4AL90qvZ2IQ1ifZOJBfA6ZMKvdImMxNS73qiyiT%2Fw%2BN0oK%2F1Wm9zsZnMAAojCBJXS3k%2BlN3TkPp1Tiow5d7Ut6UzrnNrPoAnf%2B%2BDZqwnEf1ppynQMq%2B4w07A%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f39f5070bda7c6a-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3358&min_rtt=2012&rtt_var=1716&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1123&delivery_rate=1451292&cwnd=218&unsent_bytes=0&cid=3a1c6b1f27d0ba9d&ts=889&x=0"
2024-12-17 21:20:27 UTC | 531 | IN
                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2=
2024-12-17 21:20:27 UTC | 1369 | IN
                                                                                                                              Data Ascii: ce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2"> <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-mi
2024-12-17 21:20:27 UTC | 1369 | IN
                                                                                                                              Data Ascii: twise, LLC&quot;, O=&quot;Connectwise, LLC&quot;, L=Tampa, S=Florida, C=US" issuerKeyHash="6837e0ebb63bf85f1186fbfe617b088865f44e42" /><Signature Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algor
2024-12-17 21:20:27 UTC | 1369 | IN
                                                                                                                              Data Ascii: F/JMYTLTlr7QxAj+mAf4X361a9UKSXA9AtzAqDTQh0=</SignatureValue><KeyInfo Id="StrongNameKeyInfo"><KeyValue><RSAKeyValue><Modulus>7EiYJtCNLG3iGzzTZ22x4OUMsf91/1ZOl0H5V0qjZAqoKXKUoFtNtoq9B2C2sFtQzpL/QqTjkL53akPplhxyL2s6TVyIC8xqYbQCb5E302srfpuGBVh2ufqGDbyxZP5/S1u
2024-12-17 21:20:27 UTC | 1369 | IN
                                                                                                                              Data Ascii: -microsoft-com:asm.v1" /></as:ManifestInformation><as:SignedBy /><as:AuthenticodePublisher><as:X509SubjectName>CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US</as:X509SubjectName></as:AuthenticodePublisher></r:grant><r:issuer><Signat
2024-12-17 21:20:27 UTC | 1369 | IN
                                                                                                                              Data Ascii: l1JLU1gTIX7j558foknNghQZgcGyN8aHuVfsce0mdXosgA7+169sFgDflPUwtf1uoGEMDMT1WOgRnbkI2EJm7N+GSVB0mEEqV29vTdJYK+qAYKoTrR7Vp/FMJOmfSsYwrGMTDKrrHdaV4q5Ox1jmUIsHr/Kkg=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>7EiYJtCNLG3iGzzTZ22x4OUMsf91/1ZOl0H5V0q


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:29 UTC | 97 | OUT | GET /Bin/ScreenConnect.Client.manifest HTTP/1.1
                                                                                                                              Host: molatoripro.icu
                                                                                                                              Accept-Encoding: gzip
2024-12-17 21:20:30 UTC | 804 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Tue, 17 Dec 2024 21:20:30 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: private
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ac9P83X%2BHp3up8enjRIWSmuevRlYpctyYRA6c1V%2FejCtInrW%2Fsq4GIyhkgNaDMIAc%2F4IBoAByVuaUvZo9CBEVwGLP%2B18sFNcy%2BkO1tlSuZKbo%2BgaBSuaPM9yKzRjLsIVF24%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f39f51adccd42e9-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1737&min_rtt=1711&rtt_var=694&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=712&delivery_rate=1518460&cwnd=239&unsent_bytes=0&cid=43e6da5a5c56d227&ts=829&x=0"
2024-12-17 21:20:30 UTC | 565 | IN
                                                                                                                              Data Ascii: 4000<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmln
2024-12-17 21:20:30 UTC | 1369 | IN
                                                                                                                              Data Ascii: ssemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" /> <application /> <entryPoint> <assemblyIdentity name="ScreenConnect.W
2024-12-17 21:20:30 UTC | 1369 | IN
                                                                                                                              Data Ascii: </dependentAssembly> </dependency> <dependency> <dependentAssembly dependencyType="install" allowDelayedBinding="true" codebase="ScreenConnect.Client.dll" size="197120"> <assemblyIdentity name="ScreenConnect.Client" version="24.2.1
2024-12-17 21:20:30 UTC | 1369 | IN
                                                                                                                              Data Ascii: ash> </dependentAssembly> </dependency> <dependency> <dependentAssembly dependencyType="install" allowDelayedBinding="true" codebase="ScreenConnect.Core.dll" size="548864"> <assemblyIdentity name="ScreenConnect.Core" version="24.2.1
2024-12-17 21:20:30 UTC | 1369 | IN
                                                                                                                              Data Ascii: </dependentAssembly> </dependency> <dependency> <dependentAssembly dependencyType="install" allowDelayedBinding="true" codebase="ScreenConnect.WindowsClient.exe" size="601376"> <assemblyIdentity name="ScreenConnect.WindowsClient" version
2024-12-17 21:20:30 UTC | 1369 | IN
                                                                                                                              Data Ascii: hod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>OOq26dmbXK7slwOITSW+jYEWIKk=</dsig:DigestValue> </hash> </file> <file name="ScreenConnect.WindowsBackstageShell.exe.config" size="266"> <hash> <dsig:
2024-12-17 21:20:30 UTC | 1369 | IN
                                                                                                                              Data Ascii: ScreenConnect.WindowsFileManager.exe.config" size="266"> <hash> <dsig:Transforms> <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://w
                                                                                                                              2024-12-17 21:20:30 UTC1369INData Raw: 6a 76 34 32 41 74 46 41 2f 59 55 50 43 4b 59 67 2b 63 34 4b 6d 32 37 52 54 56 43 50 52 36 41 59 30 7a 78 48 36 63 41 56 49 38 55 78 62 6e 72 4a 71 48 58 4d 77 38 58 52 4f 30 46 63 55 4e 51 78 58 41 39 70 49 52 57 72 43 6e 4b 41 6a 74 6a 7a 6d 6b 4c 6d 4d 2b 68 42 2f 6f 4f 53 2f 56 58 41 41 75 75 73 69 42 79 70 37 6d 2b 6c 6f 77 2f 5a 47 68 2b 74 66 43 73 42 4b 30 2b 6c 76 51 2f 38 52 6d 61 30 43 70 53 7a 76 76 76 2b 4b 66 35 6f 39 51 64 64 5a 4f 2f 6b 33 7a 71 4e 58 44 72 33 6c 64 35 45 32 75 79 48 68 68 59 56 73 75 30 6c 52 37 6c 44 43 57 6f 61 31 4a 52 52 61 56 63 4b 30 46 54 4d 58 2f 6e 30 39 75 55 31 39 69 48 33 51 66 42 52 65 4c 45 67 4d 75 4a 6a 65 48 72 61 44 53 39 6b 63 6f 53 6d 42 5a 30 42 5a 78 6c 4d 4c 79 4b 55 73 69 68 76 72 65 74 76 63 35 4b
                                                                                                                              Data Ascii: jv42AtFA/YUPCKYg+c4Km27RTVCPR6AY0zxH6cAVI8UxbnrJqHXMw8XRO0FcUNQxXA9pIRWrCnKAjtjzmkLmM+hB/oOS/VXAAuusiByp7m+low/ZGh+tfCsBK0+lvQ/8Rma0CpSzvvv+Kf5o9QddZO/k3zqNXDr3ld5E2uyHhhYVsu0lR7lDCWoa1JRRaVcK0FTMX/n09uU19iH3QfBReLEgMuJjeHraDS9kcoSmBZ0BZxlMLyKUsihvretvc5K
                                                                                                                              2024-12-17 21:20:30 UTC1369INData Raw: 2f 72 65 6c 64 61 74 61 22 3e 3c 72 3a 6c 69 63 65 6e 73 65 20 78 6d 6c 6e 73 3a 72 3d 22 75 72 6e 3a 6d 70 65 67 3a 6d 70 65 67 32 31 3a 32 30 30 33 3a 30 31 2d 52 45 4c 2d 52 2d 4e 53 22 20 78 6d 6c 6e 73 3a 61 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 70 6b 69 2f 32 30 30 35 2f 41 75 74 68 65 6e 74 69 63 6f 64 65 22 3e 3c 72 3a 67 72 61 6e 74 3e 3c 61 73 3a 4d 61 6e 69 66 65 73 74 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 48 61 73 68 3d 22 38 62 31 32 63 31 65 34 38 38 32 34 65 62 31 63 30 33 63 37 32 31 61 64 35 30 65 32 37 39 64 31 64 36 30 32 62 63 39 35 22 20 44 65 73 63 72 69 70 74 69 6f 6e 3d 22 22 20 55 72 6c 3d 22 22 3e 3c 61 73 3a 61 73 73 65 6d 62 6c 79 49 64 65 6e 74 69
                                                                                                                              Data Ascii: /reldata"><r:license xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:as="http://schemas.microsoft.com/windows/pki/2005/Authenticode"><r:grant><as:ManifestInformation Hash="8b12c1e48824eb1c03c721ad50e279d1d602bc95" Description="" Url=""><as:assemblyIdenti
                                                                                                                              2024-12-17 21:20:30 UTC1369INData Raw: 42 4e 77 54 49 64 4c 33 61 49 58 39 62 4e 6c 72 7a 61 63 73 31 33 76 4e 31 53 65 43 62 64 77 4f 43 38 4a 67 4c 30 45 4c 2f 4c 6b 6e 72 74 6c 4f 41 36 36 57 4e 61 76 31 65 58 65 5a 43 76 64 6b 6f 4f 34 43 73 43 41 73 79 51 61 59 46 74 7a 77 79 65 56 4e 48 64 48 53 36 38 47 4b 41 74 44 65 6d 49 36 30 38 69 70 66 71 37 57 63 4f 43 51 4b 46 44 44 57 6a 44 51 43 77 62 4a 6a 77 33 62 6f 66 79 41 53 4e 70 45 46 55 74 66 73 46 68 66 4e 49 45 45 70 55 32 46 53 71 66 51 75 49 39 7a 7a 77 33 2f 31 66 7a 65 36 4e 79 71 59 69 47 58 78 74 75 6a 46 52 38 38 49 31 72 70 4e 37 5a 51 75 48 55 4d 52 30 31 6e 4f 44 57 59 58 70 47 43 65 4f 35 65 74 36 36 45 43 73 73 69 4d 64 76 6d 31 44 42 6d 4a 49 77 64 61 35 36 63 69 5a 6f 37 6c 58 52 33 4a 6a 2b 38 41 67 53 59 61 75 70 35
                                                                                                                              Data Ascii: BNwTIdL3aIX9bNlrzacs13vN1SeCbdwOC8JgL0EL/LknrtlOA66WNav1eXeZCvdkoO4CsCAsyQaYFtzwyeVNHdHS68GKAtDemI608ipfq7WcOCQKFDDWjDQCwbJjw3bofyASNpEFUtfsFhfNIEEpU2FSqfQuI9zzw3/1fze6NyqYiGXxtujFR88I1rpN7ZQuHUMR01nODWYXpGCeO5et66ECssiMdvm1DBmJIwda56ciZo7lXR3Jj+8AgSYaup5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49750 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:40 UTC | 123 | OUT | GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
                                                                                                                              Host: molatoripro.icu
                                                                                                                              Accept-Encoding: gzip
                                                                                                                              Connection: Keep-Alive
2024-12-17 21:20:41 UTC | 817 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Tue, 17 Dec 2024 21:20:40 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: private
                                                                                                                              CF-Cache-Status: BYPASS
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5sOU5VckO7qIKKZmOVLcieYhZId5XZHkfN7Sh%2FOYqdvVRQFl0DOTyBzg4bIgSpylN3N8WzBPiAXRNRUn9ujGWYIXkdLCm5Vgu%2Bi5l0OvIWqHlvYwu8MqbOxnKG%2FQmztASbs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f39f55ccbf07c6a-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1987&min_rtt=1982&rtt_var=754&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=714&delivery_rate=1441263&cwnd=218&unsent_bytes=0&cid=4498b3886e35b0d8&ts=954&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49753 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:43 UTC | 131 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
                                                                                                                              Host: molatoripro.icu
                                                                                                                              Accept-Encoding: gzip
                                                                                                                              Connection: Keep-Alive
2024-12-17 21:20:44 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Tue, 17 Dec 2024 21:20:43 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: private
                                                                                                                              CF-Cache-Status: BYPASS
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1GSRxgkANdxgWJGnBt93b%2FX7YCmxqjMn12OyF%2F0Lqckdf9YaQ7xQy2GlVYVjnsE8AUwMPFj2pdNt59pAQsWN%2Fce85tYMGTLkWocCIB2Pa9R6oX2iew3ESz%2BSeEwH0WRM4hY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f39f56fcc748ca1-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2920&min_rtt=2726&rtt_var=1410&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=722&delivery_rate=682242&cwnd=168&unsent_bytes=0&cid=6d25ac708a6fa38e&ts=1175&x=0"
                                                                                                                              Data Ascii: $(o_(<+o+fo((((((((Y((((Ysoop-,o[*r(*"(*"o*0`%o(o((,,o


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49754 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:45 UTC | 135 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
Host: molatoripro.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-17 21:20:46 UTC | 800 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 21:20:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J2Rx9YjeWQMg46zTz0jBe210mwylAxZ2yHfdWomKTJIp3qMFB1SfdNDd4Zc%2BzEQB4vJ%2Fn0ataQI1Sj0%2Fy8nY8GxXb8VKsRcv3wEUL47SGAtKUfSFgqvSTYPAD%2BJ4CKpf%2FNE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f39f57fe8ef8ca1-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2044&min_rtt=2040&rtt_var=774&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=726&delivery_rate=1405873&cwnd=168&unsent_bytes=0&cid=d423504973f793bb&ts=922&x=0"
2024-12-17 21:20:46 UTC | 273 | IN | Data Ascii: 10a<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime>
2024-12-17 21:20:46 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49756 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:48 UTC | 130 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
Host: molatoripro.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-17 21:20:49 UTC | 798 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 21:20:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nCF6kXiUFp8t59mSWgubbfgvYBYlr8HEVc58vrQFcckerEvX4Z3PG588QZ8iQQfBlbXthKsagV9AKZJ%2F5%2FPtPwEWwH86EJMnvEVAPAMbbiQiI%2BbkzxF7gFYhu9VOkVwpG%2Fc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f39f58f1fbe4414-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1797&min_rtt=1718&rtt_var=803&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=721&delivery_rate=1239915&cwnd=172&unsent_bytes=0&cid=124d17e47e66fb7f&ts=930&x=0"
2024-12-17 21:20:49 UTC | 273 | IN | Data Ascii: 10a<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime>
2024-12-17 21:20:49 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49758 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:50 UTC | 114 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
Host: molatoripro.icu
Accept-Encoding: gzip
2024-12-17 21:20:51 UTC | 792 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 21:20:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=egRE6blVBCSwluf658yVCKPbvUByCW8iqnfTiuhuSCCXBXrYealXC3a3h6PZNVO9xAU%2BVLMGxNBAaFzEeaoJypI57kVKN7RggC8T3SI5P09CSdQOsX4p69wdgS8d6BE3uBM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f39f59c9f8ade95-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1691&min_rtt=1677&rtt_var=639&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=729&delivery_rate=1741204&cwnd=240&unsent_bytes=0&cid=dbdcb157ef8f3e4e&ts=919&x=0"
2024-12-17 21:20:51 UTC | 273 | IN | Data Ascii: 10a<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime>
2024-12-17 21:20:51 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49759 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:52 UTC | 128 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
Host: molatoripro.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-17 21:20:53 UTC | 815 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 21:20:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
CF-Cache-Status: BYPASS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uiN3WA1MKdkA31VzbyTGaG%2BvTfH8ZdsUNDMK3E1OqzFA8fnbDzjwozAImAvFe4SScOJzFCAum9h9fUBNrtvGLah7zZv%2B6w1kN8H0ZfLM6q7wx5EDTfofUiKbJvfH3cudeB4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f39f5aa1ddb42e9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1615&min_rtt=1582&rtt_var=659&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=719&delivery_rate=1580086&cwnd=239&unsent_bytes=0&cid=f81e65d74802a0ed&ts=919&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49760 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:55 UTC | 116 | OUT | GET /Bin/ScreenConnect.Client.dll HTTP/1.1
Host: molatoripro.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-17 21:20:55 UTC | 792 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 21:20:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5h4%2BqjHp5YtaxhYgqvkIrkfEwLTcr5jXacX60syWc5r9oq9mu7yZnVvIOPEF2SVRge7Wrk9QPjf2M6aee9OHrNh0xiRlOQU5g7VKC7hhvkLyZRqxQ7LcyGXlEkmvuUT2TYs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f39f5ba7afb42e9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1752&min_rtt=1741&rtt_var=675&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=707&delivery_rate=1596500&cwnd=239&unsent_bytes=0&cid=c3da4c330c50a811&ts=836&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49761 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:20:57 UTC | 123 | OUT | GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
Host: molatoripro.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-17 21:20:58 UTC | 796 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 21:20:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GxbnNuqvvEj%2FvASpZJpdywQzpKspt7JPW3jPolUc040942jqmvgVZLo23s9e6rJhhVgNh8%2FySmgZUTmvCJ0OMPLjwoYi90qRU6tF6bFu1hqBqrhEccbzTpq42oEn%2B47Ey7k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f39f5cb7f488ca1-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2019&min_rtt=1987&rtt_var=768&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=714&delivery_rate=1469552&cwnd=168&unsent_bytes=0&cid=3ec91d16ec6643c5&ts=811&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49762 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:21:00 UTC | 93 | OUT | GET /Bin/ScreenConnect.Windows.dll HTTP/1.1
Host: molatoripro.icu
Accept-Encoding: gzip
2024-12-17 21:21:01 UTC | 798 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 21:21:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sfo9MedmqrD77mJ8yb%2B74eiVIoe6RXRD3ZkM1EsPpRXQjy275tpV%2BIge2MLRzkDI7RX58B7CoCKHFJekRyDf1U%2BQrPNxqthLZnp9F9aXB9mkndvd06PGOL%2BqZLX46fYFPa4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f39f5dc2877c358-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1680&min_rtt=1674&rtt_var=640&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=708&delivery_rate=1691772&cwnd=155&unsent_bytes=0&cid=382e27df0a583750&ts=808&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49763 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:21:05 UTC | 99 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
Host: molatoripro.icu
Accept-Encoding: gzip
2024-12-17 21:21:06 UTC | 825 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 21:21:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
CF-Cache-Status: BYPASS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2VuH%2FNDW%2Fc3tzVQ0yP3%2BixVQb8%2B5CbrvFJKuazaIy0ngN%2FaPfE3sQ%2BlBWeK5ishZrb4sWQYoNXKU%2Brl8SvXqrMa2wMClf0C0dJDhZLPxLbecbtseqmCtbTtOunReC5n%2BuI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f39f5fc4b2f4414-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1735&min_rtt=1735&rtt_var=867&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4216&recv_bytes=714&delivery_rate=68675&cwnd=172&unsent_bytes=0&cid=d5fa5e73a367625a&ts=978&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49764 | 104.21.64.1 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-17 21:21:09 UTC | 90 | OUT | GET /Bin/ScreenConnect.Core.dll HTTP/1.1
Host: molatoripro.icu
Accept-Encoding: gzip
2024-12-17 21:21:10 UTC | 798 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 21:21:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hDpUMoRrCnzOvTkWhE6qcUonR2HLbn%2FGGa4byGFHkXEIG1erdutm%2Fwoesb%2Bsl3yDQrU4DZplSGe4VGqc8LYwkAAjAg9ZyNf577X5O6EXLLL2TVJ%2FwkTwp6gQ66kCcJYyHxU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f39f612e94d7c6a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2040&min_rtt=1994&rtt_var=781&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=705&delivery_rate=1464393&cwnd=218&unsent_bytes=0&cid=a0b26eb545afca00&ts=812&x=0"



                                                                                                                              Target ID:0
                                                                                                                              Start time:16:20:21
                                                                                                                              Start date:17/12/2024
                                                                                                                              Path:C:\Users\user\Desktop\support.Client.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\support.Client.exe"
                                                                                                                              Imagebase:0x730000
                                                                                                                              File size:83'168 bytes
                                                                                                                              MD5 hash:EE1EC692C5F029EF3AAA57AB58DB0F8C
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:1
                                                                                                                              Start time:16:20:21
                                                                                                                              Start date:17/12/2024
                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                              Imagebase:0x2c1b5580000
                                                                                                                              File size:24'856 bytes
                                                                                                                              MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000001.00000002.2532633706.000002C1B75CF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Reputation:moderate
                                                                                                                              Has exited:true

                                                                                                                              Target ID:4
                                                                                                                              Start time:16:20:22
                                                                                                                              Start date:17/12/2024
                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 704
                                                                                                                              Imagebase:0x2c0000
                                                                                                                              File size:483'680 bytes
                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:9
                                                                                                                              Start time:16:21:12
                                                                                                                              Start date:17/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Apps\2.0\YNBJMDH4.XH1\R5H1VOCL.PZC\scre..tion_25b0fbb6ef7eb094_0018.0002_3684cff754279a2f\ScreenConnect.WindowsClient.exe"
                                                                                                                              Imagebase:0x9e0000
                                                                                                                              File size:601'376 bytes
                                                                                                                              MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000009.00000000.2198215556.00000000009E2000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                              Reputation:moderate
                                                                                                                              Has exited:false


                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:2.3%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:3.1%
                                                                                                                                Total number of Nodes:1457
                                                                                                                                Total number of Limit Nodes:4
739d4e 6045->6065 6048 734869 _free 15 API calls 6048->6040 6286 737479 LeaveCriticalSection 6049->6286 6051 73909a 6051->6028 6053 737f1d 6052->6053 6054 737f19 6052->6054 6053->6054 6055 73732b 21 API calls 6053->6055 6054->6042 6056 737f3d 6055->6056 6080 7389a7 6056->6080 6059 737337 6058->6059 6060 73734c 6058->6060 6061 7347f9 _free 15 API calls 6059->6061 6060->6045 6062 73733c 6061->6062 6063 73473d _abort 21 API calls 6062->6063 6064 737347 6063->6064 6064->6045 6066 739d72 6065->6066 6067 739d5d 6065->6067 6069 739dad 6066->6069 6073 739d99 6066->6073 6068 7347e6 __dosmaperr 15 API calls 6067->6068 6070 739d62 6068->6070 6071 7347e6 __dosmaperr 15 API calls 6069->6071 6072 7347f9 _free 15 API calls 6070->6072 6074 739db2 6071->6074 6078 738ff0 6072->6078 6243 739d26 6073->6243 6076 7347f9 _free 15 API calls 6074->6076 6077 739dba 6076->6077 6079 73473d _abort 21 API calls 6077->6079 6078->6040 6078->6048 6079->6078 6081 7389b3 ___scrt_is_nonwritable_in_current_image 6080->6081 6082 7389d3 6081->6082 6083 7389bb 6081->6083 6084 738a71 6082->6084 6089 738a08 6082->6089 6105 7347e6 6083->6105 6086 7347e6 __dosmaperr 15 API calls 6084->6086 6088 738a76 6086->6088 6092 7347f9 _free 15 API calls 6088->6092 6108 735d23 EnterCriticalSection 6089->6108 6090 7347f9 _free 15 API calls 6091 7389c8 _abort 6090->6091 6091->6054 6094 738a7e 6092->6094 6096 73473d _abort 21 API calls 6094->6096 6095 738a0e 6097 738a2a 6095->6097 6098 738a3f 6095->6098 6096->6091 6099 7347f9 _free 15 API calls 6097->6099 6109 738a92 6098->6109 6101 738a2f 6099->6101 6102 7347e6 __dosmaperr 15 API calls 6101->6102 6103 738a3a 6102->6103 6158 738a69 6103->6158 6106 7344a8 _free 15 API calls 6105->6106 6107 7347eb 6106->6107 6107->6090 6108->6095 6110 738ac0 6109->6110 6146 738ab9 _ValidateLocalCookies 6109->6146 6111 738ae3 6110->6111 6112 738ac4 6110->6112 6114 738b34 6111->6114 6115 738b17 6111->6115 6113 7347e6 __dosmaperr 15 API calls 6112->6113 6116 738ac9 6113->6116 6118 738b4a 
6114->6118 6161 738f8b 6114->6161 6117 7347e6 __dosmaperr 15 API calls 6115->6117 6119 7347f9 _free 15 API calls 6116->6119 6120 738b1c 6117->6120 6164 738637 6118->6164 6122 738ad0 6119->6122 6125 7347f9 _free 15 API calls 6120->6125 6126 73473d _abort 21 API calls 6122->6126 6129 738b24 6125->6129 6126->6146 6127 738b91 6133 738ba5 6127->6133 6134 738beb WriteFile 6127->6134 6128 738b58 6130 738b7e 6128->6130 6131 738b5c 6128->6131 6132 73473d _abort 21 API calls 6129->6132 6176 738417 GetConsoleCP 6130->6176 6135 738c52 6131->6135 6171 7385ca 6131->6171 6132->6146 6138 738bdb 6133->6138 6139 738bad 6133->6139 6137 738c0e GetLastError 6134->6137 6142 738b74 6134->6142 6135->6146 6147 7347f9 _free 15 API calls 6135->6147 6137->6142 6196 7386ad 6138->6196 6143 738bb2 6139->6143 6144 738bcb 6139->6144 6142->6135 6142->6146 6149 738c2e 6142->6149 6143->6135 6185 73878c 6143->6185 6190 73887a 6144->6190 6146->6103 6148 738c77 6147->6148 6151 7347e6 __dosmaperr 15 API calls 6148->6151 6152 738c35 6149->6152 6153 738c49 6149->6153 6151->6146 6155 7347f9 _free 15 API calls 6152->6155 6201 7347c3 6153->6201 6156 738c3a 6155->6156 6157 7347e6 __dosmaperr 15 API calls 6156->6157 6157->6146 6242 735d46 LeaveCriticalSection 6158->6242 6160 738a6f 6160->6091 6206 738f0d 6161->6206 6228 737eaf 6164->6228 6166 738647 6167 73864c 6166->6167 6168 734424 _abort 33 API calls 6166->6168 6167->6127 6167->6128 6169 73866f 6168->6169 6169->6167 6170 73868d GetConsoleMode 6169->6170 6170->6167 6173 7385ef 6171->6173 6174 738624 6171->6174 6172 738626 GetLastError 6172->6174 6173->6172 6173->6174 6175 739101 WriteConsoleW CreateFileW 6173->6175 6174->6142 6175->6173 6177 73858c _ValidateLocalCookies 6176->6177 6183 73847a 6176->6183 6177->6142 6179 7372b7 35 API calls __fassign 6179->6183 6180 738500 WideCharToMultiByte 6180->6177 6181 738526 WriteFile 6180->6181 6182 7385af GetLastError 6181->6182 6181->6183 6182->6177 6183->6177 6183->6179 6183->6180 6184 738557 WriteFile 6183->6184 
6237 736052 6183->6237 6184->6182 6184->6183 6187 73879b 6185->6187 6186 738819 WriteFile 6186->6187 6188 73885f GetLastError 6186->6188 6187->6186 6189 73885d _ValidateLocalCookies 6187->6189 6188->6189 6189->6142 6195 738889 6190->6195 6191 738994 _ValidateLocalCookies 6191->6142 6192 73890b WideCharToMultiByte 6193 738940 WriteFile 6192->6193 6194 73898c GetLastError 6192->6194 6193->6194 6193->6195 6194->6191 6195->6191 6195->6192 6195->6193 6197 7386bc 6196->6197 6198 73872e WriteFile 6197->6198 6199 73876f _ValidateLocalCookies 6197->6199 6198->6197 6200 738771 GetLastError 6198->6200 6199->6142 6200->6199 6202 7347e6 __dosmaperr 15 API calls 6201->6202 6203 7347ce _free 6202->6203 6204 7347f9 _free 15 API calls 6203->6204 6205 7347e1 6204->6205 6205->6146 6215 735dfa 6206->6215 6208 738f1f 6209 738f27 6208->6209 6210 738f38 SetFilePointerEx 6208->6210 6211 7347f9 _free 15 API calls 6209->6211 6212 738f50 GetLastError 6210->6212 6213 738f2c 6210->6213 6211->6213 6214 7347c3 __dosmaperr 15 API calls 6212->6214 6213->6118 6214->6213 6216 735e07 6215->6216 6217 735e1c 6215->6217 6218 7347e6 __dosmaperr 15 API calls 6216->6218 6220 7347e6 __dosmaperr 15 API calls 6217->6220 6223 735e41 6217->6223 6219 735e0c 6218->6219 6222 7347f9 _free 15 API calls 6219->6222 6221 735e4c 6220->6221 6224 7347f9 _free 15 API calls 6221->6224 6226 735e14 6222->6226 6223->6208 6225 735e54 6224->6225 6227 73473d _abort 21 API calls 6225->6227 6226->6208 6227->6226 6229 737ec9 6228->6229 6230 737ebc 6228->6230 6233 737ed5 6229->6233 6234 7347f9 _free 15 API calls 6229->6234 6231 7347f9 _free 15 API calls 6230->6231 6232 737ec1 6231->6232 6232->6166 6233->6166 6235 737ef6 6234->6235 6236 73473d _abort 21 API calls 6235->6236 6236->6232 6238 734424 _abort 33 API calls 6237->6238 6239 73605d 6238->6239 6240 7372d1 __fassign 33 API calls 6239->6240 6241 73606d 6240->6241 6241->6183 6242->6160 6246 739ca4 6243->6246 6245 739d4a 6245->6078 6247 739cb0 ___scrt_is_nonwritable_in_current_image 
6246->6247 6257 735d23 EnterCriticalSection 6247->6257 6249 739cbe 6250 739cf0 6249->6250 6251 739ce5 6249->6251 6253 7347f9 _free 15 API calls 6250->6253 6258 739dcd 6251->6258 6254 739ceb 6253->6254 6273 739d1a 6254->6273 6256 739d0d _abort 6256->6245 6257->6249 6259 735dfa 21 API calls 6258->6259 6262 739ddd 6259->6262 6260 739de3 6276 735d69 6260->6276 6262->6260 6263 739e15 6262->6263 6266 735dfa 21 API calls 6262->6266 6263->6260 6264 735dfa 21 API calls 6263->6264 6267 739e21 CloseHandle 6264->6267 6269 739e0c 6266->6269 6267->6260 6270 739e2d GetLastError 6267->6270 6268 739e5d 6268->6254 6272 735dfa 21 API calls 6269->6272 6270->6260 6271 7347c3 __dosmaperr 15 API calls 6271->6268 6272->6263 6285 735d46 LeaveCriticalSection 6273->6285 6275 739d24 6275->6256 6277 735d78 6276->6277 6278 735ddf 6276->6278 6277->6278 6284 735da2 6277->6284 6279 7347f9 _free 15 API calls 6278->6279 6280 735de4 6279->6280 6281 7347e6 __dosmaperr 15 API calls 6280->6281 6282 735dcf 6281->6282 6282->6268 6282->6271 6283 735dc9 SetStdHandle 6283->6282 6284->6282 6284->6283 6285->6275 6286->6051 6287->6031 5683 73365d 5686 733e89 5683->5686 5687 733e95 _abort 5686->5687 5688 734424 _abort 33 API calls 5687->5688 5689 733e9a 5688->5689 5690 733f24 _abort 33 API calls 5689->5690 5691 733ec4 5690->5691 6288 737d1c 6289 73522b 46 API calls 6288->6289 6290 737d21 6289->6290 6543 739ec3 6544 739ed9 6543->6544 6545 739ecd 6543->6545 6545->6544 6546 739ed2 CloseHandle 6545->6546 6546->6544 5692 731442 5693 731a6a GetModuleHandleW 5692->5693 5694 73144a 5693->5694 5695 731480 5694->5695 5696 73144e 5694->5696 5698 733793 _abort 23 API calls 5695->5698 5697 731459 5696->5697 5701 733775 5696->5701 5700 731488 5698->5700 5702 73355e _abort 23 API calls 5701->5702 5703 733780 5702->5703 5703->5697 5704 733d41 5707 73341b 5704->5707 5708 73342a 5707->5708 5713 733376 5708->5713 5711 733376 15 API calls 5712 73344f 5711->5712 5714 733383 5713->5714 5715 7333a0 5713->5715 5716 73339a 5714->5716 
5717 734869 _free 15 API calls 5714->5717 5715->5711 5718 734869 _free 15 API calls 5716->5718 5717->5714 5718->5715 6295 731e00 6299 731e1e ___except_validate_context_record _ValidateLocalCookies __IsNonwritableInCurrentImage 6295->6299 6296 731e9e _ValidateLocalCookies 6298 731f27 _ValidateLocalCookies 6299->6296 6300 732340 RtlUnwind 6299->6300 6300->6298 5719 739146 IsProcessorFeaturePresent 6649 733d86 6650 731f7d ___scrt_uninitialize_crt 7 API calls 6649->6650 6651 733d8d 6650->6651 6547 7398c5 6551 7398ed 6547->6551 6548 739925 6549 739917 6552 739997 16 API calls 6549->6552 6550 73991e 6556 739980 6550->6556 6551->6548 6551->6549 6551->6550 6554 73991c 6552->6554 6557 7399a0 6556->6557 6558 73a06f __startOneArgErrorHandling 16 API calls 6557->6558 6559 739923 6558->6559 6652 731489 6655 731853 6652->6655 6654 73148e 6654->6654 6656 731869 6655->6656 6658 731872 6656->6658 6659 731806 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 6656->6659 6658->6654 6659->6658 5720 731248 5721 731250 5720->5721 5737 7337f7 5721->5737 5723 73125b 5744 731664 5723->5744 5725 731270 __RTC_Initialize 5735 7312cd 5725->5735 5750 7317f1 5725->5750 5726 73191f 4 API calls 5727 7312f2 5726->5727 5729 731289 5729->5735 5753 7318ab InitializeSListHead 5729->5753 5731 73129f 5754 7318ba 5731->5754 5733 7312c2 5760 733891 5733->5760 5735->5726 5736 7312ea 5735->5736 5738 733806 5737->5738 5739 733829 5737->5739 5738->5739 5740 7347f9 _free 15 API calls 5738->5740 5739->5723 5741 733819 5740->5741 5742 73473d _abort 21 API calls 5741->5742 5743 733824 5742->5743 5743->5723 5745 731670 5744->5745 5746 731674 5744->5746 5745->5725 5747 73191f 4 API calls 5746->5747 5749 731681 ___scrt_release_startup_lock 5746->5749 5748 7316ea 5747->5748 5749->5725 5767 7317c4 5750->5767 5753->5731 5833 733e2a 5754->5833 5756 7318cb 5757 7318d2 5756->5757 5758 73191f 4 API calls 5756->5758 5757->5733 5759 7318da 5758->5759 5759->5733 5761 734424 _abort 33 API 
calls 5760->5761 5762 73389c 5761->5762 5763 7347f9 _free 15 API calls 5762->5763 5766 7338d4 5762->5766 5764 7338c9 5763->5764 5765 73473d _abort 21 API calls 5764->5765 5765->5766 5766->5735 5768 7317d3 5767->5768 5769 7317da 5767->5769 5773 733c81 5768->5773 5776 733cf1 5769->5776 5772 7317d8 5772->5729 5774 733cf1 24 API calls 5773->5774 5775 733c93 5774->5775 5775->5772 5779 7339f8 5776->5779 5782 73392e 5779->5782 5781 733a1c 5781->5772 5783 73393a ___scrt_is_nonwritable_in_current_image 5782->5783 5790 7356e2 EnterCriticalSection 5783->5790 5785 733948 5791 733b40 5785->5791 5787 733955 5801 733973 5787->5801 5789 733966 _abort 5789->5781 5790->5785 5792 733b5e 5791->5792 5799 733b56 _abort 5791->5799 5793 733bb7 5792->5793 5792->5799 5804 73681b 5792->5804 5795 73681b 24 API calls 5793->5795 5793->5799 5797 733bcd 5795->5797 5796 733bad 5798 734869 _free 15 API calls 5796->5798 5800 734869 _free 15 API calls 5797->5800 5798->5793 5799->5787 5800->5799 5832 73572a LeaveCriticalSection 5801->5832 5803 73397d 5803->5789 5805 736826 5804->5805 5806 73684e 5805->5806 5807 73683f 5805->5807 5808 73685d 5806->5808 5813 737e13 5806->5813 5809 7347f9 _free 15 API calls 5807->5809 5820 737e46 5808->5820 5812 736844 _abort 5809->5812 5812->5796 5814 737e33 HeapSize 5813->5814 5815 737e1e 5813->5815 5814->5808 5816 7347f9 _free 15 API calls 5815->5816 5817 737e23 5816->5817 5818 73473d _abort 21 API calls 5817->5818 5819 737e2e 5818->5819 5819->5808 5821 737e53 5820->5821 5822 737e5e 5820->5822 5824 7362ff 16 API calls 5821->5824 5823 737e66 5822->5823 5830 737e6f _abort 5822->5830 5825 734869 _free 15 API calls 5823->5825 5828 737e5b 5824->5828 5825->5828 5826 737e74 5829 7347f9 _free 15 API calls 5826->5829 5827 737e99 HeapReAlloc 5827->5828 5827->5830 5828->5812 5829->5828 5830->5826 5830->5827 5831 736992 _abort 2 API calls 5830->5831 5831->5830 5832->5803 5834 733e48 5833->5834 5838 733e68 5833->5838 5835 7347f9 _free 15 API calls 5834->5835 5836 733e5e 5835->5836 
5837 73473d _abort 21 API calls 5836->5837 5837->5838 5838->5756 6301 73430f 6302 73431a 6301->6302 6303 73432a 6301->6303 6307 734330 6302->6307 6306 734869 _free 15 API calls 6306->6303 6308 734343 6307->6308 6309 734349 6307->6309 6310 734869 _free 15 API calls 6308->6310 6311 734869 _free 15 API calls 6309->6311 6310->6309 6312 734355 6311->6312 6313 734869 _free 15 API calls 6312->6313 6314 734360 6313->6314 6315 734869 _free 15 API calls 6314->6315 6316 73436b 6315->6316 6317 734869 _free 15 API calls 6316->6317 6318 734376 6317->6318 6319 734869 _free 15 API calls 6318->6319 6320 734381 6319->6320 6321 734869 _free 15 API calls 6320->6321 6322 73438c 6321->6322 6323 734869 _free 15 API calls 6322->6323 6324 734397 6323->6324 6325 734869 _free 15 API calls 6324->6325 6326 7343a2 6325->6326 6327 734869 _free 15 API calls 6326->6327 6328 7343b0 6327->6328 6333 7341f6 6328->6333 6339 734102 6333->6339 6335 73421a 6336 734246 6335->6336 6352 734163 6336->6352 6338 73426a 6338->6306 6340 73410e ___scrt_is_nonwritable_in_current_image 6339->6340 6347 7356e2 EnterCriticalSection 6340->6347 6342 734142 6348 734157 6342->6348 6344 73414f _abort 6344->6335 6345 734118 6345->6342 6346 734869 _free 15 API calls 6345->6346 6346->6342 6347->6345 6351 73572a LeaveCriticalSection 6348->6351 6350 734161 6350->6344 6351->6350 6353 73416f ___scrt_is_nonwritable_in_current_image 6352->6353 6360 7356e2 EnterCriticalSection 6353->6360 6355 734179 6356 7343d9 _abort 15 API calls 6355->6356 6357 73418c 6356->6357 6361 7341a2 6357->6361 6359 73419a _abort 6359->6338 6360->6355 6364 73572a LeaveCriticalSection 6361->6364 6363 7341ac 6363->6359 6364->6363 6660 733d8f 6661 733db2 6660->6661 6662 733d9e 6660->6662 6663 734869 _free 15 API calls 6661->6663 6662->6661 6664 734869 _free 15 API calls 6662->6664 6665 733dc4 6663->6665 6664->6661 6666 734869 _free 15 API calls 6665->6666 6667 733dd7 6666->6667 6668 734869 _free 15 API calls 6667->6668 6669 733de8 6668->6669 6670 734869 _free 
15 API calls 6669->6670 6671 733df9 6670->6671 6560 7355ce GetCommandLineA GetCommandLineW 4893 73130d 4894 731319 ___scrt_is_nonwritable_in_current_image 4893->4894 4921 73162b 4894->4921 4896 731320 4897 731473 4896->4897 4905 73134a ___scrt_is_nonwritable_in_current_image _abort ___scrt_release_startup_lock 4896->4905 4973 73191f IsProcessorFeaturePresent 4897->4973 4899 73147a 4900 731480 4899->4900 4977 7337e1 4899->4977 4980 733793 4900->4980 4904 731369 4905->4904 4911 7313ea 4905->4911 4958 7337a9 4905->4958 4929 731a34 4911->4929 4913 731405 4964 731a6a GetModuleHandleW 4913->4964 4916 731410 4917 731419 4916->4917 4966 733784 4916->4966 4969 73179c 4917->4969 4922 731634 4921->4922 4983 731bd4 IsProcessorFeaturePresent 4922->4983 4926 731645 4928 731649 4926->4928 4993 731f7d 4926->4993 4928->4896 5053 7320b0 4929->5053 4932 7313f0 4933 733457 4932->4933 5055 73522b 4933->5055 4935 7313f8 4938 731000 6 API calls 4935->4938 4936 733460 4936->4935 5059 7355b6 4936->5059 4939 7311e3 Sleep 4938->4939 4940 731096 CryptMsgGetParam 4938->4940 4941 731215 CertCloseStore LocalFree LocalFree LocalFree 4939->4941 4945 7311f7 4939->4945 4942 731162 CryptMsgGetParam 4940->4942 4943 7310bc LocalAlloc 4940->4943 4941->4913 4942->4939 4944 731174 CryptMsgGetParam 4942->4944 4946 7310d7 4943->4946 4947 731156 LocalFree 4943->4947 4944->4939 4948 731188 CertFindAttribute CertFindAttribute 4944->4948 4945->4941 4949 73120a CertDeleteCertificateFromStore 4945->4949 4950 7310e0 LocalAlloc CryptMsgGetParam 4946->4950 4947->4942 4951 7311b1 4948->4951 4952 7311b5 LoadLibraryA GetProcAddress 4948->4952 4949->4945 4953 731114 CertCreateCertificateContext 4950->4953 4954 73113d LocalFree 4950->4954 4951->4939 4951->4952 4952->4939 4956 731133 CertFreeCertificateContext 4953->4956 4957 731126 CertAddCertificateContextToStore 4953->4957 4954->4950 4955 73114d 4954->4955 4955->4947 4956->4954 4957->4956 4959 7337d1 _abort 4958->4959 4959->4911 4960 734424 _abort 33 API calls 
4959->4960 4963 733e9a 4960->4963 4961 733f24 _abort 33 API calls 4962 733ec4 4961->4962 4963->4961 4965 73140c 4964->4965 4965->4899 4965->4916 5547 73355e 4966->5547 4968 73378f 4968->4917 4971 7317a8 ___scrt_uninitialize_crt 4969->4971 4970 731421 4970->4904 4971->4970 4972 731f7d ___scrt_uninitialize_crt 7 API calls 4971->4972 4972->4970 4974 731935 _abort 4973->4974 4975 7319e0 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 4974->4975 4976 731a24 _abort 4975->4976 4976->4899 4978 73355e _abort 23 API calls 4977->4978 4979 7337f2 4978->4979 4979->4900 4981 73355e _abort 23 API calls 4980->4981 4982 731488 4981->4982 4984 731640 4983->4984 4985 731f5e 4984->4985 4999 7324b1 4985->4999 4988 731f67 4988->4926 4990 731f6f 4991 731f7a 4990->4991 5013 7324ed 4990->5013 4991->4926 4994 731f90 4993->4994 4995 731f86 4993->4995 4994->4928 4996 732496 ___vcrt_uninitialize_ptd 6 API calls 4995->4996 4997 731f8b 4996->4997 4998 7324ed ___vcrt_uninitialize_locks DeleteCriticalSection 4997->4998 4998->4994 5000 7324ba 4999->5000 5002 7324e3 5000->5002 5003 731f63 5000->5003 5017 73271d 5000->5017 5004 7324ed ___vcrt_uninitialize_locks DeleteCriticalSection 5002->5004 5003->4988 5005 732463 5003->5005 5004->5003 5034 73262e 5005->5034 5008 732478 5008->4990 5011 732493 5011->4990 5014 732517 5013->5014 5015 7324f8 5013->5015 5014->4988 5016 732502 DeleteCriticalSection 5015->5016 5016->5014 5016->5016 5022 732543 5017->5022 5020 732755 InitializeCriticalSectionAndSpinCount 5021 732740 5020->5021 5021->5000 5023 732564 5022->5023 5024 732560 5022->5024 5023->5024 5025 7325cc GetProcAddress 5023->5025 5027 7325bd 5023->5027 5029 7325e3 LoadLibraryExW 5023->5029 5024->5020 5024->5021 5025->5024 5027->5025 5028 7325c5 FreeLibrary 5027->5028 5028->5025 5030 7325fa GetLastError 5029->5030 5032 73262a 5029->5032 5031 732605 5030->5031 5030->5032 5031->5032 5033 73261b LoadLibraryExW 5031->5033 5032->5023 5033->5023 5035 732543 ___vcrt_FlsGetValue 5 API calls 
5034->5035 5036 732648 5035->5036 5037 732661 TlsAlloc 5036->5037 5038 73246d 5036->5038 5038->5008 5039 7326df 5038->5039 5040 732543 ___vcrt_FlsGetValue 5 API calls 5039->5040 5041 7326f9 5040->5041 5042 732714 TlsSetValue 5041->5042 5043 732486 5041->5043 5042->5043 5043->5011 5044 732496 5043->5044 5045 7324a0 5044->5045 5046 7324a6 5044->5046 5048 732669 5045->5048 5046->5008 5049 732543 ___vcrt_FlsGetValue 5 API calls 5048->5049 5050 732683 5049->5050 5051 73269b TlsFree 5050->5051 5052 73268f 5050->5052 5051->5052 5052->5046 5054 731a47 GetStartupInfoW 5053->5054 5054->4932 5056 73523d 5055->5056 5057 735234 5055->5057 5056->4936 5062 73512a 5057->5062 5544 73555d 5059->5544 5082 734424 GetLastError 5062->5082 5064 735137 5102 735249 5064->5102 5066 73513f 5111 734ebe 5066->5111 5069 735156 5069->5056 5073 73518c 5075 735194 5073->5075 5079 7351b1 5073->5079 5133 7347f9 5075->5133 5077 7351dd 5078 735199 5077->5078 5142 734d94 5077->5142 5136 734869 5078->5136 5079->5077 5080 734869 _free 15 API calls 5079->5080 5080->5077 5083 734440 5082->5083 5084 73443a 5082->5084 5088 73448f SetLastError 5083->5088 5150 73480c 5083->5150 5145 735904 5084->5145 5088->5064 5089 73445a 5091 734869 _free 15 API calls 5089->5091 5093 734460 5091->5093 5092 73446f 5092->5089 5094 734476 5092->5094 5095 73449b SetLastError 5093->5095 5162 734296 5094->5162 5167 733f24 5095->5167 5099 734869 _free 15 API calls 5101 734488 5099->5101 5101->5088 5101->5095 5103 735255 ___scrt_is_nonwritable_in_current_image 5102->5103 5104 734424 _abort 33 API calls 5103->5104 5109 73525f 5104->5109 5106 7352e3 _abort 5106->5066 5108 733f24 _abort 33 API calls 5108->5109 5109->5106 5109->5108 5110 734869 _free 15 API calls 5109->5110 5403 7356e2 EnterCriticalSection 5109->5403 5404 7352da 5109->5404 5110->5109 5408 733f72 5111->5408 5114 734ef1 5116 734f08 5114->5116 5117 734ef6 GetACP 5114->5117 5115 734edf GetOEMCP 5115->5116 5116->5069 5118 7362ff 5116->5118 5117->5116 5119 73633d 5118->5119 
5120 73630d _abort 5118->5120 5122 7347f9 _free 15 API calls 5119->5122 5120->5119 5121 736328 HeapAlloc 5120->5121 5124 736992 _abort 2 API calls 5120->5124 5121->5120 5123 735167 5121->5123 5122->5123 5123->5078 5125 7352eb 5123->5125 5124->5120 5126 734ebe 35 API calls 5125->5126 5127 73530a 5126->5127 5128 73535b IsValidCodePage 5127->5128 5130 735311 _ValidateLocalCookies 5127->5130 5132 735380 _abort 5127->5132 5129 73536d GetCPInfo 5128->5129 5128->5130 5129->5130 5129->5132 5130->5073 5445 734f96 GetCPInfo 5132->5445 5134 7344a8 _free 15 API calls 5133->5134 5135 7347fe 5134->5135 5135->5078 5137 73489d _free 5136->5137 5138 734874 HeapFree 5136->5138 5137->5069 5138->5137 5139 734889 5138->5139 5140 7347f9 _free 13 API calls 5139->5140 5141 73488f GetLastError 5140->5141 5141->5137 5508 734d51 5142->5508 5144 734db8 5144->5078 5178 735741 5145->5178 5147 73592b 5148 735943 TlsGetValue 5147->5148 5149 735937 _ValidateLocalCookies 5147->5149 5148->5149 5149->5083 5155 734819 _abort 5150->5155 5151 734859 5154 7347f9 _free 14 API calls 5151->5154 5152 734844 HeapAlloc 5153 734452 5152->5153 5152->5155 5153->5089 5157 73595a 5153->5157 5154->5153 5155->5151 5155->5152 5191 736992 5155->5191 5158 735741 _abort 5 API calls 5157->5158 5159 735981 5158->5159 5160 73599c TlsSetValue 5159->5160 5161 735990 _ValidateLocalCookies 5159->5161 5160->5161 5161->5092 5205 73426e 5162->5205 5313 736b14 5167->5313 5170 733f35 5172 733f5c 5170->5172 5173 733f3e IsProcessorFeaturePresent 5170->5173 5175 733793 _abort 23 API calls 5172->5175 5174 733f49 5173->5174 5341 734573 5174->5341 5177 733f66 5175->5177 5179 73576d 5178->5179 5183 735771 _abort 5178->5183 5182 735791 5179->5182 5179->5183 5184 7357dd 5179->5184 5181 73579d GetProcAddress 5181->5183 5182->5181 5182->5183 5183->5147 5185 7357fe LoadLibraryExW 5184->5185 5189 7357f3 5184->5189 5186 735833 5185->5186 5187 73581b GetLastError 5185->5187 5186->5189 5190 73584a FreeLibrary 5186->5190 5187->5186 5188 735826 
LoadLibraryExW 5187->5188 5188->5186 5189->5179 5190->5189 5194 7369d6 5191->5194 5193 7369a8 _ValidateLocalCookies 5193->5155 5195 7369e2 ___scrt_is_nonwritable_in_current_image 5194->5195 5200 7356e2 EnterCriticalSection 5195->5200 5197 7369ed 5201 736a1f 5197->5201 5199 736a14 _abort 5199->5193 5200->5197 5204 73572a LeaveCriticalSection 5201->5204 5203 736a26 5203->5199 5204->5203 5211 7341ae 5205->5211 5207 734292 5208 73421e 5207->5208 5222 7340b2 5208->5222 5210 734242 5210->5099 5212 7341ba ___scrt_is_nonwritable_in_current_image 5211->5212 5217 7356e2 EnterCriticalSection 5212->5217 5214 7341c4 5218 7341ea 5214->5218 5216 7341e2 _abort 5216->5207 5217->5214 5221 73572a LeaveCriticalSection 5218->5221 5220 7341f4 5220->5216 5221->5220 5223 7340be ___scrt_is_nonwritable_in_current_image 5222->5223 5230 7356e2 EnterCriticalSection 5223->5230 5225 7340c8 5231 7343d9 5225->5231 5227 7340e0 5235 7340f6 5227->5235 5229 7340ee _abort 5229->5210 5230->5225 5232 73440f __fassign 5231->5232 5233 7343e8 __fassign 5231->5233 5232->5227 5233->5232 5238 736507 5233->5238 5312 73572a LeaveCriticalSection 5235->5312 5237 734100 5237->5229 5240 736587 5238->5240 5241 73651d 5238->5241 5242 734869 _free 15 API calls 5240->5242 5265 7365d5 5240->5265 5241->5240 5246 734869 _free 15 API calls 5241->5246 5248 736550 5241->5248 5243 7365a9 5242->5243 5244 734869 _free 15 API calls 5243->5244 5249 7365bc 5244->5249 5245 734869 _free 15 API calls 5250 73657c 5245->5250 5252 736545 5246->5252 5247 7365e3 5251 736643 5247->5251 5260 734869 15 API calls _free 5247->5260 5253 734869 _free 15 API calls 5248->5253 5264 736572 5248->5264 5254 734869 _free 15 API calls 5249->5254 5255 734869 _free 15 API calls 5250->5255 5256 734869 _free 15 API calls 5251->5256 5266 736078 5252->5266 5258 736567 5253->5258 5259 7365ca 5254->5259 5255->5240 5261 736649 5256->5261 5294 736176 5258->5294 5263 734869 _free 15 API calls 5259->5263 5260->5247 5261->5232 5263->5265 5264->5245 5306 73667a 
5265->5306 5267 736089 5266->5267 5293 736172 5266->5293 5268 73609a 5267->5268 5269 734869 _free 15 API calls 5267->5269 5270 7360ac 5268->5270 5272 734869 _free 15 API calls 5268->5272 5269->5268 5271 7360be 5270->5271 5273 734869 _free 15 API calls 5270->5273 5274 7360d0 5271->5274 5275 734869 _free 15 API calls 5271->5275 5272->5270 5273->5271 5276 7360e2 5274->5276 5277 734869 _free 15 API calls 5274->5277 5275->5274 5278 7360f4 5276->5278 5280 734869 _free 15 API calls 5276->5280 5277->5276 5279 736106 5278->5279 5281 734869 _free 15 API calls 5278->5281 5282 736118 5279->5282 5283 734869 _free 15 API calls 5279->5283 5280->5278 5281->5279 5284 734869 _free 15 API calls 5282->5284 5287 73612a 5282->5287 5283->5282 5284->5287 5285 73613c 5286 73614e 5285->5286 5289 734869 _free 15 API calls 5285->5289 5290 736160 5286->5290 5291 734869 _free 15 API calls 5286->5291 5287->5285 5288 734869 _free 15 API calls 5287->5288 5288->5285 5289->5286 5292 734869 _free 15 API calls 5290->5292 5290->5293 5291->5290 5292->5293 5293->5248 5296 736183 5294->5296 5305 7361db 5294->5305 5295 736193 5298 7361a5 5295->5298 5299 734869 _free 15 API calls 5295->5299 5296->5295 5297 734869 _free 15 API calls 5296->5297 5297->5295 5300 7361b7 5298->5300 5301 734869 _free 15 API calls 5298->5301 5299->5298 5302 7361c9 5300->5302 5303 734869 _free 15 API calls 5300->5303 5301->5300 5304 734869 _free 15 API calls 5302->5304 5302->5305 5303->5302 5304->5305 5305->5264 5307 7366a5 5306->5307 5308 736687 5306->5308 5307->5247 5308->5307 5309 73621b __fassign 15 API calls 5308->5309 5310 73669f 5309->5310 5311 734869 _free 15 API calls 5310->5311 5311->5307 5312->5237 5345 736a82 5313->5345 5316 736b6f 5317 736b7b _abort 5316->5317 5322 736ba8 _abort 5317->5322 5323 736ba2 _abort 5317->5323 5359 7344a8 GetLastError 5317->5359 5319 736bf4 5320 7347f9 _free 15 API calls 5319->5320 5321 736bf9 5320->5321 5378 73473d 5321->5378 5327 736c20 5322->5327 5381 7356e2 EnterCriticalSection 5322->5381 
                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • LocalAlloc.KERNEL32(00000000,00000104), ref: 00731016
                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 00731025
                                                                                                                                • CertOpenSystemStoreA.CRYPT32(00000000,TrustedPublisher), ref: 00731032
                                                                                                                                • LocalAlloc.KERNELBASE(00000000,00040000), ref: 00731057
                                                                                                                                • LocalAlloc.KERNEL32(00000000,00040000), ref: 00731063
                                                                                                                                • CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00731082
                                                                                                                                • CryptMsgGetParam.CRYPT32(?,0000000B,00000000,?,?), ref: 007310B2
                                                                                                                                • LocalAlloc.KERNEL32(00000000,?), ref: 007310C5
                                                                                                                                • LocalAlloc.KERNEL32(00000000,00002000), ref: 007310F4
                                                                                                                                • CryptMsgGetParam.CRYPT32(?,0000000C,00000000,00000000,00002000), ref: 0073110A
                                                                                                                                • CertCreateCertificateContext.CRYPT32(00000001,00000000,00002000), ref: 0073111A
                                                                                                                                • CertAddCertificateContextToStore.CRYPT32(?,00000000,00000001,00000000), ref: 0073112D
                                                                                                                                • CertFreeCertificateContext.CRYPT32(00000000), ref: 00731134
                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 0073113E
                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 0073115D
                                                                                                                                • CryptMsgGetParam.CRYPT32(?,00000009,00000000,00000000,00040000), ref: 0073116E
                                                                                                                                • CryptMsgGetParam.CRYPT32(?,0000000A,00000000,?,00040000), ref: 00731182
                                                                                                                                • CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,00000000,?), ref: 00731198
                                                                                                                                • CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,?,?), ref: 007311A9
                                                                                                                                • LoadLibraryA.KERNELBASE(dfshim), ref: 007311BA
                                                                                                                                • GetProcAddress.KERNEL32(00000000,ShOpenVerbApplicationW), ref: 007311C6
                                                                                                                                • Sleep.KERNELBASE(00009C40), ref: 007311E8
                                                                                                                                • CertDeleteCertificateFromStore.CRYPT32(?), ref: 0073120B
                                                                                                                                • CertCloseStore.CRYPT32(?,00000000), ref: 0073121A
                                                                                                                                • LocalFree.KERNEL32(?), ref: 00731223
                                                                                                                                • LocalFree.KERNEL32(?), ref: 00731228
                                                                                                                                • LocalFree.KERNEL32(?), ref: 0073122D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Local$Cert$Free$AllocCrypt$CertificateParamStore$Context$AttributeFind$AddressCloseCreateDeleteFileFromLibraryLoadModuleNameObjectOpenProcQuerySleepSystem
                                                                                                                                • String ID: 1.3.6.1.4.1.311.4.1.1$ShOpenVerbApplicationW$TrustedPublisher$dfshim
                                                                                                                                • API String ID: 335784236-860318880
                                                                                                                                • Opcode ID: d96478b304d87620ff9a4bcaa8b77f6d4cbe26a3732eabd3dd6dd80b41b54774
                                                                                                                                • Instruction ID: 42040eee8e794caa319f72af69959f9cc87c7edda344dc8cf82db0477057435c
                                                                                                                                • Opcode Fuzzy Hash: d96478b304d87620ff9a4bcaa8b77f6d4cbe26a3732eabd3dd6dd80b41b54774
                                                                                                                                • Instruction Fuzzy Hash: 49616D71A40218AFFB209B94DC89FAFBBB5FF48B51F104054FB14B7291D77999018BA8
                                                                                                                                APIs
                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0073192B
                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 007319F7
                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00731A10
                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00731A1A
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 254469556-0
                                                                                                                                • Opcode ID: 1e21633c5833aae976d11d385ede3873beddedecc33758e38f11890a989fa981
                                                                                                                                • Instruction ID: f93434d683fcc6e292238ce4340249378ab7256a8a76d344e01defdc1caf4d45
                                                                                                                                • Opcode Fuzzy Hash: 1e21633c5833aae976d11d385ede3873beddedecc33758e38f11890a989fa981
                                                                                                                                • Instruction Fuzzy Hash: 92312AB5D05218DBEF20DF64D949BCDBBB8AF08301F1041AAE50CAB251EB759A85CF45
                                                                                                                                APIs
                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0073466B
                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00734675
                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00734682
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                • Opcode ID: 10819d2a465c0cc9bb1c26fe0c23ae9ecc00e02063a04c6f8354782e3bba52ad
                                                                                                                                • Instruction ID: 77664ae7c9735dd6b45546b875a6daae5b8c5297736930f530a4c43433672b45
                                                                                                                                • Opcode Fuzzy Hash: 10819d2a465c0cc9bb1c26fe0c23ae9ecc00e02063a04c6f8354782e3bba52ad
                                                                                                                                • Instruction Fuzzy Hash: A2310274901228DBDB25DF24DC89B8DBBB8BF08310F5041EAE81CA7261EB349B858F45
                                                                                                                                APIs
                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,0073364D,?,007402E0,0000000C,007337A4,?,00000002,00000000,?,00733F66,00000003,0073209F,00731AFC), ref: 00733698
                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,0073364D,?,007402E0,0000000C,007337A4,?,00000002,00000000,?,00733F66,00000003,0073209F,00731AFC), ref: 0073369F
                                                                                                                                • ExitProcess.KERNEL32 ref: 007336B1
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                • Opcode ID: 3ace8701e64f1165e8f147a703299e75c157d03fa0f38fdc04b148eb9e3044da
                                                                                                                                • Instruction ID: 8e7d2d016875b91112f07776131d23d3c97f257862c7806bc8d9c198a7ffae78
                                                                                                                                • Opcode Fuzzy Hash: 3ace8701e64f1165e8f147a703299e75c157d03fa0f38fdc04b148eb9e3044da
                                                                                                                                • Instruction Fuzzy Hash: 86E0B6B1010548EFEF25AF54DE0EA5A3B69EF40346F008014FA559A232DB3DDE42CA54
                                                                                                                                APIs
                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0073A490,?,?,00000008,?,?,0073A130,00000000), ref: 0073A6C2
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                • Opcode ID: 0676eb40561f0ad2bcb58da24204af408078e2fd46fd7b5ea1aeaa6e1e1fc2b9
                                                                                                                                • Instruction ID: 5ea0986f489f95b0d9f9f2bbbaa63604bdc30edf6a6714eee1eb6855753e0632
                                                                                                                                • Opcode Fuzzy Hash: 0676eb40561f0ad2bcb58da24204af408078e2fd46fd7b5ea1aeaa6e1e1fc2b9
                                                                                                                                • Instruction Fuzzy Hash: 79B12C71510609EFE715CF28C48AB657BE0FF45364F298658E8DACF2A2C339D991CB41
                                                                                                                                APIs
                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00731BEA
                                                                                                                                Similarity
                                                                                                                                • API ID: FeaturePresentProcessor
                                                                                                                                APIs
                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_00001AB8,00731300), ref: 00731AB1
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: HeapProcess

                                                                                                                                APIs
                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 0073654B
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 00736095
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 007360A7
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 007360B9
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 007360CB
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 007360DD
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 007360EF
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 00736101
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 00736113
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 00736125
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 00736137
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 00736149
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 0073615B
                                                                                                                                  • Part of subcall function 00736078: _free.LIBCMT ref: 0073616D
                                                                                                                                • _free.LIBCMT ref: 00736540
                                                                                                                                  • Part of subcall function 00734869: HeapFree.KERNEL32(00000000,00000000,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?), ref: 0073487F
                                                                                                                                  • Part of subcall function 00734869: GetLastError.KERNEL32(?,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?,?), ref: 00734891
                                                                                                                                • _free.LIBCMT ref: 00736562
                                                                                                                                • _free.LIBCMT ref: 00736577
                                                                                                                                • _free.LIBCMT ref: 00736582
                                                                                                                                • _free.LIBCMT ref: 007365A4
                                                                                                                                • _free.LIBCMT ref: 007365B7
                                                                                                                                • _free.LIBCMT ref: 007365C5
                                                                                                                                • _free.LIBCMT ref: 007365D0
                                                                                                                                • _free.LIBCMT ref: 00736608
                                                                                                                                • _free.LIBCMT ref: 0073660F
                                                                                                                                • _free.LIBCMT ref: 0073662C
                                                                                                                                • _free.LIBCMT ref: 00736644
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon

                                                                                                                                APIs
                                                                                                                                • _free.LIBCMT ref: 00734344
                                                                                                                                  • Part of subcall function 00734869: HeapFree.KERNEL32(00000000,00000000,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?), ref: 0073487F
                                                                                                                                  • Part of subcall function 00734869: GetLastError.KERNEL32(?,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?,?), ref: 00734891
                                                                                                                                • _free.LIBCMT ref: 00734350
                                                                                                                                • _free.LIBCMT ref: 0073435B
                                                                                                                                • _free.LIBCMT ref: 00734366
                                                                                                                                • _free.LIBCMT ref: 00734371
                                                                                                                                • _free.LIBCMT ref: 0073437C
                                                                                                                                • _free.LIBCMT ref: 00734387
                                                                                                                                • _free.LIBCMT ref: 00734392
                                                                                                                                • _free.LIBCMT ref: 0073439D
                                                                                                                                • _free.LIBCMT ref: 007343AB
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast

                                                                                                                                APIs
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,007354C8,00000000,?,?,?,00737D05,?,?,00000100), ref: 00737B0E
                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00737B46
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,00737D05,?,?,00000100,5EFC4D8B,?,?), ref: 00737B94
                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00737C2B
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00737C8E
                                                                                                                                • __freea.LIBCMT ref: 00737C9B
                                                                                                                                  • Part of subcall function 007362FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00737E5B,?,00000000,?,0073686F,?,00000004,00000000,?,?,?,00733BCD), ref: 00736331
                                                                                                                                • __freea.LIBCMT ref: 00737CA4
                                                                                                                                • __freea.LIBCMT ref: 00737CC9
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap

                                                                                                                                APIs
                                                                                                                                • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00738B8C,?,00000000,?,00000000,00000000), ref: 00738459
                                                                                                                                • __fassign.LIBCMT ref: 007384D4
                                                                                                                                • __fassign.LIBCMT ref: 007384EF
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00738515
                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,00738B8C,00000000,?,?,?,?,?,?,?,?,?,00738B8C,?), ref: 00738534
                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,00738B8C,00000000,?,?,?,?,?,?,?,?,?,00738B8C,?), ref: 0073856D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1324828854-0

                                                                                                                                APIs
                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00731E37
                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00731E3F
                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00731EC8
                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00731EF3
                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00731F48
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 1170836740-1018135373

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 007361DF: _free.LIBCMT ref: 00736208
                                                                                                                                • _free.LIBCMT ref: 00736269
                                                                                                                                  • Part of subcall function 00734869: HeapFree.KERNEL32(00000000,00000000,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?), ref: 0073487F
                                                                                                                                  • Part of subcall function 00734869: GetLastError.KERNEL32(?,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?,?), ref: 00734891
                                                                                                                                • _free.LIBCMT ref: 00736274
                                                                                                                                • _free.LIBCMT ref: 0073627F
                                                                                                                                • _free.LIBCMT ref: 007362D3
                                                                                                                                • _free.LIBCMT ref: 007362DE
                                                                                                                                • _free.LIBCMT ref: 007362E9
                                                                                                                                • _free.LIBCMT ref: 007362F4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 776569668-0

                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(?,?,007323C8,0073209F,00731AFC), ref: 007323DF
                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007323ED
                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00732406
                                                                                                                                • SetLastError.KERNEL32(00000000,007323C8,0073209F,00731AFC), ref: 00732458
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3852720340-0

                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(00000008,?,00736D69,?,?,?,007404C8,0000002C,00733F34,00000016,0073209F,00731AFC), ref: 00734428
                                                                                                                                • _free.LIBCMT ref: 0073445B
                                                                                                                                • _free.LIBCMT ref: 00734483
                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 00734490
                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 0073449C
                                                                                                                                • _abort.LIBCMT ref: 007344A2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3160817290-0

                                                                                                                                APIs
                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007336AD,?,?,0073364D,?,007402E0,0000000C,007337A4,?,00000002), ref: 0073371C
                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0073372F
                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,007336AD,?,?,0073364D,?,007402E0,0000000C,007337A4,?,00000002,00000000), ref: 00733752
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                • API String ID: 4061214504-1276376045

                                                                                                                                APIs
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,007354C8,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 0073639A
                                                                                                                                • __alloca_probe_16.LIBCMT ref: 007363D2
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00736423
                                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00736435
                                                                                                                                • __freea.LIBCMT ref: 0073643E
                                                                                                                                  • Part of subcall function 007362FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00737E5B,?,00000000,?,0073686F,?,00000004,00000000,?,?,?,00733BCD), ref: 00736331
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1857427562-0
                                                                                                                                • Opcode ID: 083a6de1a4e18cebab5b93ec33866de467c436e73b43af72ee94a14ca8a64f01
                                                                                                                                • Instruction ID: 17029c429691c498f6fc14358c668238a139b1e0471e640a95e38d245bb9a859
                                                                                                                                • Opcode Fuzzy Hash: 083a6de1a4e18cebab5b93ec33866de467c436e73b43af72ee94a14ca8a64f01
                                                                                                                                • Instruction Fuzzy Hash: E431DE72A0025AABEF259F64DC45EAE7BA5EF00350F148128FC14DA152E739CE51CBA0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 430 73561e-735633 GetEnvironmentStringsW 431 735635-735655 call 7355e7 WideCharToMultiByte 430->431 432 73568b 430->432 431->432 438 735657 431->438 434 73568d-73568f 432->434 436 735691-735692 FreeEnvironmentStringsW 434->436 437 735698-7356a0 434->437 436->437 439 735658 call 7362ff 438->439 440 73565d-735662 439->440 441 735680 440->441 442 735664-735678 WideCharToMultiByte 440->442 444 735682-735689 call 734869 441->444 442->441 443 73567a-73567e 442->443 443->444 444->434
                                                                                                                                APIs
                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00735627
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0073564A
                                                                                                                                  • Part of subcall function 007362FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00737E5B,?,00000000,?,0073686F,?,00000004,00000000,?,?,?,00733BCD), ref: 00736331
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00735670
                                                                                                                                • _free.LIBCMT ref: 00735683
                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00735692
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2278895681-0
                                                                                                                                • Opcode ID: 7a98ae1bc792560ec92855d7877534c7744fe12c2226e5ca2c3f5ae1ac6d5e1a
                                                                                                                                • Instruction ID: c02b5e2801b83a73d7a7a3d9ebcc05825840d835c706ae3818e3f035c00d990d
                                                                                                                                • Opcode Fuzzy Hash: 7a98ae1bc792560ec92855d7877534c7744fe12c2226e5ca2c3f5ae1ac6d5e1a
                                                                                                                                • Instruction Fuzzy Hash: B501A772602A55FF37211AB65C8EC7B6A6DDEC2FA17564129F914C7142EB6C8C0181B4

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 447 7344a8-7344bf GetLastError 448 7344c1-7344cb call 735904 447->448 449 7344cd-7344d2 447->449 448->449 454 73451e-734525 SetLastError 448->454 450 7344d4 call 73480c 449->450 453 7344d9-7344df 450->453 455 7344e1 453->455 456 7344ea-7344f8 call 73595a 453->456 457 734527-73452c 454->457 458 7344e2-7344e8 call 734869 455->458 463 7344fa-7344fb 456->463 464 7344fd-734513 call 734296 call 734869 456->464 465 734515-73451c SetLastError 458->465 463->458 464->454 464->465 465->457
                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(?,?,?,007347FE,00737E79,?,0073686F,?,00000004,00000000,?,?,?,00733BCD,?,00000000), ref: 007344AD
                                                                                                                                • _free.LIBCMT ref: 007344E2
                                                                                                                                • _free.LIBCMT ref: 00734509
                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00734516
                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 0073451F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                • Opcode ID: 357cbe5b287b5c99e42577c5a5d9ee51b55ecd0c41499d4b9fcdf10ce7c805e3
                                                                                                                                • Instruction ID: b657b9900f285c5b0583d0e4c0123831be6e5d41360ee7615350ad8d476742e4
                                                                                                                                • Opcode Fuzzy Hash: 357cbe5b287b5c99e42577c5a5d9ee51b55ecd0c41499d4b9fcdf10ce7c805e3
                                                                                                                                • Instruction Fuzzy Hash: 3501F976600644F7B61E76346C4DF2B226DEBC1372F204025F519D2193EF2CAD114124

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 470 736176-736181 471 736183-73618b 470->471 472 7361dc-7361de 470->472 473 736194-73619d 471->473 474 73618d-736193 call 734869 471->474 476 7361a6-7361af 473->476 477 73619f-7361a5 call 734869 473->477 474->473 480 7361b1-7361b7 call 734869 476->480 481 7361b8-7361c1 476->481 477->476 480->481 484 7361c3-7361c9 call 734869 481->484 485 7361ca-7361d3 481->485 484->485 485->472 486 7361d5-7361db call 734869 485->486 486->472
                                                                                                                                APIs
                                                                                                                                • _free.LIBCMT ref: 0073618E
                                                                                                                                  • Part of subcall function 00734869: HeapFree.KERNEL32(00000000,00000000,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?), ref: 0073487F
                                                                                                                                  • Part of subcall function 00734869: GetLastError.KERNEL32(?,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?,?), ref: 00734891
                                                                                                                                • _free.LIBCMT ref: 007361A0
                                                                                                                                • _free.LIBCMT ref: 007361B2
                                                                                                                                • _free.LIBCMT ref: 007361C4
                                                                                                                                • _free.LIBCMT ref: 007361D6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 776569668-0
                                                                                                                                • Opcode ID: 7516683ed8e4c48278b234dabbe42a4b7dca3677a1870c051601dcced82502d8
                                                                                                                                • Instruction ID: 23770d30f152a11b77b9425e2f6c5999f35688591a5cd15603d5f4fbe7da0b2f
                                                                                                                                • Opcode Fuzzy Hash: 7516683ed8e4c48278b234dabbe42a4b7dca3677a1870c051601dcced82502d8
                                                                                                                                • Instruction Fuzzy Hash: 7FF0C232610244BFA664EB15F885C5AB7DDAA42B10B998806F50DC3443CB3CFC808A64
                                                                                                                                APIs
                                                                                                                                • _free.LIBCMT ref: 00733DAD
                                                                                                                                  • Part of subcall function 00734869: HeapFree.KERNEL32(00000000,00000000,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?), ref: 0073487F
                                                                                                                                  • Part of subcall function 00734869: GetLastError.KERNEL32(?,?,0073620D,?,00000000,?,00000000,?,00736234,?,00000007,?,?,0073669F,?,?), ref: 00734891
                                                                                                                                • _free.LIBCMT ref: 00733DBF
                                                                                                                                • _free.LIBCMT ref: 00733DD2
                                                                                                                                • _free.LIBCMT ref: 00733DE3
                                                                                                                                • _free.LIBCMT ref: 00733DF4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 776569668-0
                                                                                                                                • Opcode ID: ff4323dce81a9ef45bcc077ec44ecb7c976bfe5ce05bfac8e9e68aea4c891deb
                                                                                                                                • Instruction ID: dae14b4a8107503c6306a8a51c5d40756ac8c40ab587ca921b4e3fbb9b34eedd
                                                                                                                                • Opcode Fuzzy Hash: ff4323dce81a9ef45bcc077ec44ecb7c976bfe5ce05bfac8e9e68aea4c891deb
                                                                                                                                • Instruction Fuzzy Hash: 38F05EBC950260EFE795BF15FC05499BB60BB467207C18267F602962B3C73D19A28FC8
                                                                                                                                APIs
                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\support.Client.exe,00000104), ref: 00732F93
                                                                                                                                • _free.LIBCMT ref: 0073305E
                                                                                                                                • _free.LIBCMT ref: 00733068
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$FileModuleName
                                                                                                                                • String ID: C:\Users\user\Desktop\support.Client.exe
                                                                                                                                • API String ID: 2506810119-3753615249
                                                                                                                                • Opcode ID: c4a19114a3614837b498e8cefba4c6be424cbf582aaa99229d5da7a891a3eadb
                                                                                                                                • Instruction ID: 3bd26351fec71d3f509e619d29be9e672b46ca92b9f13f0d78ace4c206613593
                                                                                                                                • Opcode Fuzzy Hash: c4a19114a3614837b498e8cefba4c6be424cbf582aaa99229d5da7a891a3eadb
                                                                                                                                • Instruction Fuzzy Hash: 8F319FB5A00218EFEB25EB99DC859AEBBFCEB85710F1040A7F40497212D7799A41CF91
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00732594,00000000,?,00741B50,?,?,?,00732737,00000004,InitializeCriticalSectionEx,0073BC48,InitializeCriticalSectionEx), ref: 007325F0
                                                                                                                                • GetLastError.KERNEL32(?,00732594,00000000,?,00741B50,?,?,?,00732737,00000004,InitializeCriticalSectionEx,0073BC48,InitializeCriticalSectionEx,00000000,?,007324C7), ref: 007325FA
                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00732622
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                • String ID: api-ms-
                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                • Opcode ID: 4ed80feb621dc0392c5e158017a83f21cfc0c1c5b1357c6b1f3223c1e8c898b5
                                                                                                                                • Instruction ID: ce024514cf574673929cdcccb9f98b340fe5664b6d0ae4c2b6c0738497805c4e
                                                                                                                                • Opcode Fuzzy Hash: 4ed80feb621dc0392c5e158017a83f21cfc0c1c5b1357c6b1f3223c1e8c898b5
                                                                                                                                • Instruction Fuzzy Hash: B8E04870640308FBFF151B60EC47F593F54AF10B52F104420FA0DE44E3E7A9E9559559
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,00735784,00000000,00000000,00000000,00000000,?,00735981,00000006,FlsSetValue), ref: 0073580F
                                                                                                                                • GetLastError.KERNEL32(?,00735784,00000000,00000000,00000000,00000000,?,00735981,00000006,FlsSetValue,0073C4D8,FlsSetValue,00000000,00000364,?,007344F6), ref: 0073581B
                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00735784,00000000,00000000,00000000,00000000,?,00735981,00000006,FlsSetValue,0073C4D8,FlsSetValue,00000000), ref: 00735829
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3177248105-0
                                                                                                                                • Opcode ID: a7aa9477851a31f788f1c2ebcfb10560cecc905c8f6286925653dd5e64569cfa
                                                                                                                                • Instruction ID: 44ab69476e612177b4f655583a4dde3218670536d3d353c9b373eac4f4125f98
                                                                                                                                • Opcode Fuzzy Hash: a7aa9477851a31f788f1c2ebcfb10560cecc905c8f6286925653dd5e64569cfa
                                                                                                                                • Instruction Fuzzy Hash: 4A012B76606732EFE7214B78EC44A977798AF057A2F204934FE1AD7141DB2CD800C6E4
                                                                                                                                APIs
                                                                                                                                • GetOEMCP.KERNEL32(00000000,?,?,00735147,?), ref: 00734EE9
                                                                                                                                • GetACP.KERNEL32(00000000,?,?,00735147,?), ref: 00734F00
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1953386407.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1953346977.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953414337.000000000073B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953519775.0000000000741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.1953549029.0000000000743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_730000_support.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: GQs
                                                                                                                                • API String ID: 0-3761770180
                                                                                                                                • Opcode ID: 9a93e99adc3d8f1ba17bbdef048316d20649f3ae01c6fd69a7003590d7dcc804
                                                                                                                                • Instruction ID: 69aa14f33e25a851db89eaf5868bc0b197be6e2d598fb9d561a5910d834cee43
                                                                                                                                • Opcode Fuzzy Hash: 9a93e99adc3d8f1ba17bbdef048316d20649f3ae01c6fd69a7003590d7dcc804
                                                                                                                                • Instruction Fuzzy Hash: 43F0C2709001059BEB28DB68DC087A87770BB0133AF988384F5348B5E3C77DA880CF55

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:16.2%
                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                Signature Coverage:0%
                                                                                                                                Total number of Nodes:169
                                                                                                                                Total number of Limit Nodes:23

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2546153727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffd9b890000_dfsvc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                • Opcode ID: 1b4fae60fcc83a5d7713a03973afccb39e06998d1a1c57c8f1c5bf7eb3213336
                                                                                                                                • Instruction ID: e4e749e596a8334f257f600c38561f7d2e4f240aadddc0349cfa015e3eca8808
                                                                                                                                • Opcode Fuzzy Hash: 1b4fae60fcc83a5d7713a03973afccb39e06998d1a1c57c8f1c5bf7eb3213336
                                                                                                                                • Instruction Fuzzy Hash: A3B17D62B0EB891FEB66DBAC58692687FD1EF59310F0941BFC049C71E7EA24A9058341

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2546153727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffd9b890000_dfsvc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CookieInternet
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 930238652-0
                                                                                                                                • Opcode ID: 620b262c6d24b2c411b8ca1d6139f2ef117fe9a18dbc933658d143034bcc5504
                                                                                                                                • Instruction ID: f331168c3d137f35fa576278e1cdc859dd63cd532be48bd21940e9759a1e0885
                                                                                                                                • Opcode Fuzzy Hash: 620b262c6d24b2c411b8ca1d6139f2ef117fe9a18dbc933658d143034bcc5504
                                                                                                                                • Instruction Fuzzy Hash: 70919F30608B8D4FEB69DF6888557F93BE1EF59310F05426BE84DCB292CB74A9458B81

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 1043 7ffd9b89994b-7ffd9b8999e0 1047 7ffd9b8999ea-7ffd9b899a8a CreateFileW 1043->1047 1048 7ffd9b8999e2-7ffd9b8999e7 1043->1048 1050 7ffd9b899a8c 1047->1050 1051 7ffd9b899a92-7ffd9b899ac5 1047->1051 1048->1047 1050->1051
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2546153727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffd9b890000_dfsvc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 823142352-0
                                                                                                                                • Opcode ID: 405e30bfb1173e3cf25c31da219740d78c46a203841669da50b313a87decc31c
                                                                                                                                • Instruction ID: 54f605383aa779ddbfb9128457b0d71ce5ea1507c5bcb6309f2c42f943fa13c3
                                                                                                                                • Opcode Fuzzy Hash: 405e30bfb1173e3cf25c31da219740d78c46a203841669da50b313a87decc31c
                                                                                                                                • Instruction Fuzzy Hash: 4751A031A0CA5C8FDB68DF58D859BA9BBE0FF59310F1442AEE04DD3252CB34A941CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2545210439.00007FFD9B77D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B77D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffd9b77d000_dfsvc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1e34c96a3df84b8b21eee93e358abcb07c28a13c445bcbee3a63c52dec5649ae
                                                                                                                                • Instruction ID: cd796f716a903c6266db97316037bf86b136f327c0e861ba5a0c03c36c91cb3d
                                                                                                                                • Opcode Fuzzy Hash: 1e34c96a3df84b8b21eee93e358abcb07c28a13c445bcbee3a63c52dec5649ae
                                                                                                                                • Instruction Fuzzy Hash: 2241287150DBC44FE396CB2898959523FF0EF52320B0506EFD088CB1B3D665A846C792

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:12.4%
                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                Signature Coverage:0%
                                                                                                                                Total number of Nodes:8
                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                execution_graph 24189 7ffd9b8af67b 24190 7ffd9b8af687 CreateFileW 24189->24190 24192 7ffd9b8af7bc 24190->24192 24184 7ffd9b8a8414 24186 7ffd9b8a841d 24184->24186 24185 7ffd9b8a8482 24186->24185 24187 7ffd9b8a84f6 SetProcessMitigationPolicy 24186->24187 24188 7ffd9b8a8552 24187->24188
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 332 7ffd9b8af67b-7ffd9b8af710 337 7ffd9b8af71a-7ffd9b8af7ba CreateFileW 332->337 338 7ffd9b8af712-7ffd9b8af717 332->338 340 7ffd9b8af7bc 337->340 341 7ffd9b8af7c2-7ffd9b8af7f5 337->341 338->337 340->341
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2946342857.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9b8a0000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 823142352-0
                                                                                                                                • Opcode ID: 2c5a04e8041da48d38df0341eb3560f4b1defbdb0dbe0f98fa8634a8880dc19b
                                                                                                                                • Instruction ID: 3881d28ea9290cb59dcac4732555317f57614a2f23d2499c9e6f85edf1f9a6ed
                                                                                                                                • Opcode Fuzzy Hash: 2c5a04e8041da48d38df0341eb3560f4b1defbdb0dbe0f98fa8634a8880dc19b
                                                                                                                                • Instruction Fuzzy Hash: B251A071A0DA5C8FDB68DF58D845BE8BBE0FB59310F1442AEE04DD3252CB34A845CB81

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2946342857.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9b8a0000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MitigationPolicyProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1088084561-0
                                                                                                                                • Opcode ID: b2908fcf65e3a75435a9d36d97c3a6d92b9b848c3fec417094ee0d81b99289cc
                                                                                                                                • Instruction ID: b18b898f63d2ced032398873daac11fcc6c4e5619debcc4cb3f4000aa36515fe
                                                                                                                                • Opcode Fuzzy Hash: b2908fcf65e3a75435a9d36d97c3a6d92b9b848c3fec417094ee0d81b99289cc
                                                                                                                                • Instruction Fuzzy Hash: 7D414931D0DB484FDB28AFA89C4A5F97BE0EF59310F44017FE449C3192DF68A94687A2

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 933 7ffd9bb92131-7ffd9bb921cb 939 7ffd9bb921d1-7ffd9bb921d8 933->939
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: N
                                                                                                                                • API String ID: 0-1161386698
                                                                                                                                • Opcode ID: 8fe59e87865b70359681fa597d39fae4e3b1998f489ad5c7b3bbb7b23982043d
                                                                                                                                • Instruction ID: 651bd44f972daef2b4e255f1cd7d7792994981ced1e81b66fb88d48ebbc50b6f
                                                                                                                                • Opcode Fuzzy Hash: 8fe59e87865b70359681fa597d39fae4e3b1998f489ad5c7b3bbb7b23982043d
                                                                                                                                • Instruction Fuzzy Hash: B8115931B08A494FD788DB6CC8187547BD1FF99314F4900AAD18DCB2F2EE69AD528B41


                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3301141cffe68ddf7d318a443671bf74564778134ef03f81b43b108fb461fc1f
                                                                                                                                • Instruction ID: dd5c1eadaa9f93dc668721a1414c92afb08cd33f25a95978a59ddba7396bf819
                                                                                                                                • Opcode Fuzzy Hash: 3301141cffe68ddf7d318a443671bf74564778134ef03f81b43b108fb461fc1f
                                                                                                                                • Instruction Fuzzy Hash: D4B19922F0EE4E0FEB64AA7C98656F977D1FF99314F0501BAD04DC32E6DD28A9468341
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 83a1df4b7cddec383f0ac6779da83c8aa772c26f6c9d5d092a6b4b7a218db0d2
                                                                                                                                • Instruction ID: 2e7e2734d9343f549abe18c1977b6c81596004dd38179271ffeb26ae71519d8e
                                                                                                                                • Opcode Fuzzy Hash: 83a1df4b7cddec383f0ac6779da83c8aa772c26f6c9d5d092a6b4b7a218db0d2
                                                                                                                                • Instruction Fuzzy Hash: F2B12621B1FE4E0FE7759A6C48A61B477D1FF99218F1505BAE04CC31E6DD28AD068381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e599080fc1f854c5226b01add4b63c0a2039f50e413e09a69f8ec6fef9e69450
                                                                                                                                • Instruction ID: 95265e69e256dbe86f6a83a046b7d5f32f50825217693afdc91c45c0e2b19922
                                                                                                                                • Opcode Fuzzy Hash: e599080fc1f854c5226b01add4b63c0a2039f50e413e09a69f8ec6fef9e69450
                                                                                                                                • Instruction Fuzzy Hash: 44B15A31B0DA494FE768DB6CC8666A577E1FF55348F1501BEE08AC71F3EE25A8068341
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4d4247a4572541a1282e459b45bcd1556dd1f684e1e1eae99699298ed02538d3
                                                                                                                                • Instruction ID: 2d778cc478f65b1f672578268031cea07d406decd7a60769fced01111de908e3
                                                                                                                                • Opcode Fuzzy Hash: 4d4247a4572541a1282e459b45bcd1556dd1f684e1e1eae99699298ed02538d3
                                                                                                                                • Instruction Fuzzy Hash: D7A1EB32B1DA0E4FEFA8DF5CD4A55A977D2FF99318B0401BAD40DC7296DE25E8028780
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 88d806c7da1b60ec5a1c1edd9ec3868844e8f69d047995936ba4f5ab8ffadf1b
                                                                                                                                • Instruction ID: a20282918af9f51837ba39ba2eced00edb145522f961eb56e29d21a9004a12cd
                                                                                                                                • Opcode Fuzzy Hash: 88d806c7da1b60ec5a1c1edd9ec3868844e8f69d047995936ba4f5ab8ffadf1b
                                                                                                                                • Instruction Fuzzy Hash: 6CA17321B1994D8FEBE8EB6C9869B7877D2FF98344F0501BAE45DC32E6DD24AC418701
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 183c55ebb41dcef8fdc4e2bc9f25a1a7b89fc92185ea9933a398893fec8da6e3
                                                                                                                                • Instruction ID: 71ce57056a25f6294218b35baffa50b173bb34a681bdf36f66bdcdb944506ecd
                                                                                                                                • Opcode Fuzzy Hash: 183c55ebb41dcef8fdc4e2bc9f25a1a7b89fc92185ea9933a398893fec8da6e3
                                                                                                                                • Instruction Fuzzy Hash: F7B18071719E4E8FDF98EF58C8A4A6533A1FF68308B1506A9D51AC72D6DB35E802CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9f20c6ecfd18c7e96022b87ef4823d48cd9d0e30849d198160761133a93cfbb6
                                                                                                                                • Instruction ID: b6320a789798028bc8857672e44c345d42024d80c137e94a89ae548d4fb10442
                                                                                                                                • Opcode Fuzzy Hash: 9f20c6ecfd18c7e96022b87ef4823d48cd9d0e30849d198160761133a93cfbb6
                                                                                                                                • Instruction Fuzzy Hash: 1B910971A09A0C8FDFA8DB58C8A5AA977F1FFA5348F05416ED04DC72E1DE35A942CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1be68529f76e7396ac8deaf245a88141d53a045ca432cbad613cd9008c2f6e8c
                                                                                                                                • Instruction ID: d436a0ce72c2536dbe17a741ef4eba9f3dc240498ba1e79a8d25e2941aaa2912
                                                                                                                                • Opcode Fuzzy Hash: 1be68529f76e7396ac8deaf245a88141d53a045ca432cbad613cd9008c2f6e8c
                                                                                                                                • Instruction Fuzzy Hash: 6F911732A0ED0A0BEF68EA58D8668F577E0FF54314F500139D59E835D2EE35B94AC781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9383248f6de3006ae69ca575ce8d6447ac406649d09650299e1a1bd81a34f05c
                                                                                                                                • Instruction ID: aa1abbd1a05d51ebd8076428693f4e6e5f4e5d35aa5465b8b9035fa295961798
                                                                                                                                • Opcode Fuzzy Hash: 9383248f6de3006ae69ca575ce8d6447ac406649d09650299e1a1bd81a34f05c
                                                                                                                                • Instruction Fuzzy Hash: 4D717052B1E95A0BEB6DBABCA8795F937C1EF5125C70801BBD05DC72E7FD0CA9064240
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c17712eac5163725f94cb492f37d34181cb21aa709ba1cd046dcfe2325603c3a
                                                                                                                                • Instruction ID: b798330c301cc817ac57d6ae3034f216b0ed17ce393934aa9aaf5149a7893dd0
                                                                                                                                • Opcode Fuzzy Hash: c17712eac5163725f94cb492f37d34181cb21aa709ba1cd046dcfe2325603c3a
                                                                                                                                • Instruction Fuzzy Hash: 5C618D21B1E94E4FE7789AB898A957533D2FFD834871506B9D01DC32E6ED2CED468340
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 50a4b8f07a909aae9f373e268dbc44340634d171becdf0181aee9e49f6e76a5b
                                                                                                                                • Instruction ID: f5a7b321eb6c5709ab45dfcac5ef0b76f468e59f844e970460972d211808f92b
                                                                                                                                • Opcode Fuzzy Hash: 50a4b8f07a909aae9f373e268dbc44340634d171becdf0181aee9e49f6e76a5b
                                                                                                                                • Instruction Fuzzy Hash: FA61D522B1ED494FEB9CE62C846597877D2FFA8748B4501BED45DC32E3EE25AC028741
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6bab357d24c27dd700e5058098d1db4a5dff8fcb8d60b838ce0c4e0e319e45a5
                                                                                                                                • Instruction ID: 95cf1e8c8172eae431a9fb52e7c27dfedae9f8a07b8f0e79795227638214326d
                                                                                                                                • Opcode Fuzzy Hash: 6bab357d24c27dd700e5058098d1db4a5dff8fcb8d60b838ce0c4e0e319e45a5
                                                                                                                                • Instruction Fuzzy Hash: 6471B571708A4D8FDF98DF18C8A0AA977F1FF59318B1542A9D41ACB2D6CB31E842CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3eec454a277ccf449aa22cb67ea38ad9c3680fcdd9652382c38b38c249cecbb6
                                                                                                                                • Instruction ID: bc0cd84bafb00a2a24775df3beda9dad80d2827f54a18f5c123fa3da3b6f23b6
                                                                                                                                • Opcode Fuzzy Hash: 3eec454a277ccf449aa22cb67ea38ad9c3680fcdd9652382c38b38c249cecbb6
                                                                                                                                • Instruction Fuzzy Hash: 5E512973A0EE4D4BEB75AAA8D8601A97BE1FF94354F0502BAE05DC35E2DE3579128340
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ef6ca3163091863e760c086e48026b5e3b33e4f29433d476801d8f9a31028408
                                                                                                                                • Instruction ID: 88f2e34a926f87c7cf527add26e99f90b0d3bbf621b32bbec37d6f393143c01c
                                                                                                                                • Opcode Fuzzy Hash: ef6ca3163091863e760c086e48026b5e3b33e4f29433d476801d8f9a31028408
                                                                                                                                • Instruction Fuzzy Hash: 90515D62B1FE8A0FE7B4E77C88A99A13BD1FF6565830501FAD048C71F6ED14AD068341
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f36b176630e35776c2a5464172eb8ce3b7319681c166b316df1ab0731d62d7ff
                                                                                                                                • Instruction ID: 60402c00265a858e2f446df807b8ce97fcfb810e277b8c28fcb9f6877f8800a4
                                                                                                                                • Opcode Fuzzy Hash: f36b176630e35776c2a5464172eb8ce3b7319681c166b316df1ab0731d62d7ff
                                                                                                                                • Instruction Fuzzy Hash: BC415F67B1D7694AD705BBB8FC669D83B50EF403747080277D2D98B493DD18604A8B90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1e8368f532c60bf68a08628731f55dd5823a503595a4a1662acae35a02cc0aa8
                                                                                                                                • Instruction ID: ab6378b979cda518aeff311386edb5737f29a99991c3e51e07d8d4c36466ec52
                                                                                                                                • Opcode Fuzzy Hash: 1e8368f532c60bf68a08628731f55dd5823a503595a4a1662acae35a02cc0aa8
                                                                                                                                • Instruction Fuzzy Hash: CE41BF31F19D4D4FEBA8EA98C8646E877E2FF98318F450579E10DD32E5CE246902C341
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: bbfdcdc26ec5255f3179f9666450a4064836050bb1881ab491b3f534c01363cf
                                                                                                                                • Instruction ID: c45363039b8ac260f51ebb4b8a19d0353eec77b8fe0c3af5d047ae2191b7dbcf
                                                                                                                                • Opcode Fuzzy Hash: bbfdcdc26ec5255f3179f9666450a4064836050bb1881ab491b3f534c01363cf
                                                                                                                                • Instruction Fuzzy Hash: F6312921B1DA4A0FE79C566CE8655B137D1EF9679870402BEE15AC31E7EC15BC03C241
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5cc097a75c96de18691f6944ceee15c9afc457087eb2d529a38778d31b4fd879
                                                                                                                                • Instruction ID: ef46b02e653f2ec6e093d8cded79090eac0a44f59917c57fdb786a65d05a2e08
                                                                                                                                • Opcode Fuzzy Hash: 5cc097a75c96de18691f6944ceee15c9afc457087eb2d529a38778d31b4fd879
                                                                                                                                • Instruction Fuzzy Hash: 7C415A31B2DE4D4FE7689A688411538B3C2FF95319F11467ED68AC32E6DE38F8424781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 37b26ffadfb6e8c249a963cc582558250d79792cdd41f9727159fac8db3e8b00
                                                                                                                                • Instruction ID: caa34ac135b8174d4ff213467b4cc0fa7635143ecfc4f45b4d1b4cd2af24ce88
                                                                                                                                • Opcode Fuzzy Hash: 37b26ffadfb6e8c249a963cc582558250d79792cdd41f9727159fac8db3e8b00
                                                                                                                                • Instruction Fuzzy Hash: CB314D16B0FFCA0FD7A29A7C18641A13B91EF86214B4A01F7D4DCCB1E7ED184D0A8341
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8a28021f515845cd65a5ad9c4e65862fb756535fa3de42758a4b95303fdd205b
                                                                                                                                • Instruction ID: c5e5ca0be0a701c3b6ba81470f61ce4df2466087b11aa3e1d9ba8fe12f661a3d
                                                                                                                                • Opcode Fuzzy Hash: 8a28021f515845cd65a5ad9c4e65862fb756535fa3de42758a4b95303fdd205b
                                                                                                                                • Instruction Fuzzy Hash: 70317B22B0DDCA0FE75AA77858665E57BD1FF96254B1901FAD05CC31EBED38A8028342
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ddecb8a5167d5ed83f8dd92100d871ab6a858aa0e375d475dc3832da3e831e99
                                                                                                                                • Instruction ID: 0e4d5749ecdb8204ed188f23de12f7ff2cbc320b6951ecc1006c168e46373c45
                                                                                                                                • Opcode Fuzzy Hash: ddecb8a5167d5ed83f8dd92100d871ab6a858aa0e375d475dc3832da3e831e99
                                                                                                                                • Instruction Fuzzy Hash: 1031FA51B1AE4E0BEFEC9A68947857922C2FF9468C7450079D45EC33E6FE1CFD024240
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c542b0dfcbed4be37275b05956fbdd5e5f9f52359567b846226f891fa2627e3c
                                                                                                                                • Instruction ID: 02498e12e1e3ab88e0c1e68742dd00a8c1437bd9659482b846aec5bb1c134de5
                                                                                                                                • Opcode Fuzzy Hash: c542b0dfcbed4be37275b05956fbdd5e5f9f52359567b846226f891fa2627e3c
                                                                                                                                • Instruction Fuzzy Hash: CC318D12B6EF8E4BE768876C88B556137D2FFA4658B5542B9D04DC30EBEC2CAD038341
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 77891081e48e9a5c30655230f2377370a3bb721632587f99df7b946ef9f410fd
                                                                                                                                • Instruction ID: 2bd111fd30d61d70df23b9240312b91e21c982bbe2f5c60ae7dcb3f77298185c
                                                                                                                                • Opcode Fuzzy Hash: 77891081e48e9a5c30655230f2377370a3bb721632587f99df7b946ef9f410fd
                                                                                                                                • Instruction Fuzzy Hash: 73312872B1ED8D4FDBA9AA6C88B54B477D2FF99308705017EE08EC72E3DE1469068300
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e5906f2ea5aac820cd4bc9284009c1e2d46316a0cfc40c80d6e96ea79337f69b
                                                                                                                                • Instruction ID: 7a953c8ad139f7842f487b3a2d893d903fcdd8f02ac3cd35dc16e7a3bf8157a6
                                                                                                                                • Opcode Fuzzy Hash: e5906f2ea5aac820cd4bc9284009c1e2d46316a0cfc40c80d6e96ea79337f69b
                                                                                                                                • Instruction Fuzzy Hash: 7A31D832B19D494FEBD8EA2C84B596437D2FFA8B0875601A9D05DC32E2ED25EC42C741
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ea648a9653bc4c6407152c5831dc9b05d8104d4e853545f5276be464264d1c46
                                                                                                                                • Instruction ID: 0d626d386f677fdf9195e4a6253993d06c91402ba1a0a427fc2a3472b0d38d70
                                                                                                                                • Opcode Fuzzy Hash: ea648a9653bc4c6407152c5831dc9b05d8104d4e853545f5276be464264d1c46
                                                                                                                                • Instruction Fuzzy Hash: E731472264FACA0FD71257B48C25AE63BE1EF96220B0901FBE089C70E3CD1C59078351
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d723ea0103e0e2b1e3d39c75ba221101687c8aef9a9cf98a25928a71e0f8d932
                                                                                                                                • Instruction ID: a539be95a6c0ed81e35c0cdc16559fa21a79fe90c072c3803d9e9b2f41dfd293
                                                                                                                                • Opcode Fuzzy Hash: d723ea0103e0e2b1e3d39c75ba221101687c8aef9a9cf98a25928a71e0f8d932
                                                                                                                                • Instruction Fuzzy Hash: FE21F522F0AE5D0FEBA5A7B854751F9B7D1FF98610B0101BBE04DC32E2EE2469028381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 72a5bbd07158624edd00ea274c3805572dd9a8a69a0edca47c98a6b49f3f647e
                                                                                                                                • Instruction ID: f7b97eddd8e2b2077302086e538430bbde62cce0a617e59a0fc3f87a753ebd44
                                                                                                                                • Opcode Fuzzy Hash: 72a5bbd07158624edd00ea274c3805572dd9a8a69a0edca47c98a6b49f3f647e
                                                                                                                                • Instruction Fuzzy Hash: BE31F771E0AE4D8FDB54EF68C8656E977E0FF98314F0501BBD009D72A2DA349A498781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f6d241615056b0bde4fcb556c74d42c053271b2abcddf92c2e7fa53435388334
                                                                                                                                • Instruction ID: d7a11b8471c340bafc201b842c4dd2d6f69a07c923cdb1b2dab41af1daec6aff
                                                                                                                                • Opcode Fuzzy Hash: f6d241615056b0bde4fcb556c74d42c053271b2abcddf92c2e7fa53435388334
                                                                                                                                • Instruction Fuzzy Hash: 6411C872F1EE0A4BE77CDA5488631E473C1FB14315F15057DC499872D1D928BA0B4381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2b20a1ebe4f11d2683b762abb5998627fba5bf231232595a8957690d33586d93
                                                                                                                                • Instruction ID: 9205a1ac537026b29966882529ef486578b81fcd9594f9215e25a2c278a72ef9
                                                                                                                                • Opcode Fuzzy Hash: 2b20a1ebe4f11d2683b762abb5998627fba5bf231232595a8957690d33586d93
                                                                                                                                • Instruction Fuzzy Hash: EE01F972B0E91E4FEBE5E61C98A856533D2FF9820871541B2D49CC73E6ED25DD038380
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c02dc3be27866f72875c63a62eea1bbd3109c88230722209dad6ab00875a8489
                                                                                                                                • Instruction ID: 06b0a45ee06097ffae59eeef566527775ff92361efed3f6c15b7c3d561b28c69
                                                                                                                                • Opcode Fuzzy Hash: c02dc3be27866f72875c63a62eea1bbd3109c88230722209dad6ab00875a8489
                                                                                                                                • Instruction Fuzzy Hash: 5F11A971B19E094FDBA8EF18C0A5A6177A1FF68308F1540A9C44ECB2D6CA35E802CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5b46635270d89ccccc4b139c315e4cc7a1738474d3211a3e0b9d4d18bc4b2b5d
                                                                                                                                • Instruction ID: cd6375611176369a2eea2b46514ec8ab8976c1c4dd9357b7a3e353399d553aa9
                                                                                                                                • Opcode Fuzzy Hash: 5b46635270d89ccccc4b139c315e4cc7a1738474d3211a3e0b9d4d18bc4b2b5d
                                                                                                                                • Instruction Fuzzy Hash: C3118871B19E494FDB98EF18C0A5A6177A2FF68308F1540A9C44ECB2D6DA35E802CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3ab9faf41aacd29e2436245becd7b8f46c86b597102ec3897d693bed0a8d972d
                                                                                                                                • Instruction ID: ddbf9ecdb419e8aec6ca2828ec08205fee0ede51a6dea2e5f7eb76ee94885e36
                                                                                                                                • Opcode Fuzzy Hash: 3ab9faf41aacd29e2436245becd7b8f46c86b597102ec3897d693bed0a8d972d
                                                                                                                                • Instruction Fuzzy Hash: 0A11A531A0955D4FDB91EB68D4556BABBB0FF89314F1001BAE06DC71D2DB245504C7D1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b5a88cae2d435ae8046906c42cfd6e3618240f0892867f71c599e1b396e5b8a0
                                                                                                                                • Instruction ID: dc51d823472648e369c55b880fba8e1f4ee6ca0b281c999d52e97f1398930994
                                                                                                                                • Opcode Fuzzy Hash: b5a88cae2d435ae8046906c42cfd6e3618240f0892867f71c599e1b396e5b8a0
                                                                                                                                • Instruction Fuzzy Hash: 1711C270B19E4A4FE75CFB2894A66B5B2D0FF64304F0002BAD15EC32E7EE28A5028741
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 80087ec2f153a4cd3beec70cd2b7fd15fde0888b51b90943d7f6b1169b52d31c
                                                                                                                                • Instruction ID: 60ef69465fe5c4c61788bc1c97b26f38a6a9a2b05502740bb1ec185a94296b2f
                                                                                                                                • Opcode Fuzzy Hash: 80087ec2f153a4cd3beec70cd2b7fd15fde0888b51b90943d7f6b1169b52d31c
                                                                                                                                • Instruction Fuzzy Hash: A001443160DA5D0FEBD1EB2CD898A617BE0EF5920831981F7D88CCB262DA24D9468790
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c55e934d25095092859c91032634100ddec74e7b1f6493cb652976d143d922cf
                                                                                                                                • Instruction ID: c7e072aa1f39bbefd8000df6b49376c70cc4b9d9963f22c74d59e176a060474a
                                                                                                                                • Opcode Fuzzy Hash: c55e934d25095092859c91032634100ddec74e7b1f6493cb652976d143d922cf
                                                                                                                                • Instruction Fuzzy Hash: BB01A13150E7998FCB16FB78E8658D93F60EF0222CB0901F7D099CB0E3E9255949C791
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8e0d44eb5013fbd8be050090d2dce256dfb66e8aa88cce2833ea2ff3d5e5f2bb
                                                                                                                                • Instruction ID: 3dd90cf0eef919f0cbe84be0c2951266ba4cbba9a9411d905cc2553bc5459063
                                                                                                                                • Opcode Fuzzy Hash: 8e0d44eb5013fbd8be050090d2dce256dfb66e8aa88cce2833ea2ff3d5e5f2bb
                                                                                                                                • Instruction Fuzzy Hash: 3701B525F0DD1F0AFFB8A26988B937550D1FF84348F1A9179C54EC21E5DD7DAE808201
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c30486cefe666237fa9924f40f2b1ae23e95b7a0bcd74b390d44c1a0b862754b
                                                                                                                                • Instruction ID: d6f75c4da9d7a4b203977f1f26be212108f3933d306efb15be9da57a6bc67e14
                                                                                                                                • Opcode Fuzzy Hash: c30486cefe666237fa9924f40f2b1ae23e95b7a0bcd74b390d44c1a0b862754b
                                                                                                                                • Instruction Fuzzy Hash: D5012472E4EB9D4FDBA2A7A884661E47FA0FB49344F0101E7D059C31E2EA2999488381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7af346fdbd62563439d00bd4cfdee510476c46c5f3980db952a2f3bbb155a9b0
                                                                                                                                • Instruction ID: 7a4c2897bee8e7bfe75043fb410fab2dea6bf197455e8f679a6403fb46260f0c
                                                                                                                                • Opcode Fuzzy Hash: 7af346fdbd62563439d00bd4cfdee510476c46c5f3980db952a2f3bbb155a9b0
                                                                                                                                • Instruction Fuzzy Hash: 4AF0B42270DE490FE755E66DA8A49E0BBE0EB6935034902F7D059C31EBED189C86C381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b879da96bd5282dc42c45304fd80065203c62137a8844e2fe3cc25f173e52fd4
                                                                                                                                • Instruction ID: c8d199ad69099b3f739ab99e3e86338487b645dd8aa3e3efccdbbe212f4dadc1
                                                                                                                                • Opcode Fuzzy Hash: b879da96bd5282dc42c45304fd80065203c62137a8844e2fe3cc25f173e52fd4
                                                                                                                                • Instruction Fuzzy Hash: 17018F71718A4ECFDF98EF58C490AA573A1FF68348F2001A9C40ECB296CA31EC52CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2ab4286714d6513841932e039a81fc6bb0a614664f04076280ce28ac9301182b
                                                                                                                                • Instruction ID: 55b5245cfaa5cd5e16fa2a8d19d76cd734a86aac344642adea5584c55709bf6f
                                                                                                                                • Opcode Fuzzy Hash: 2ab4286714d6513841932e039a81fc6bb0a614664f04076280ce28ac9301182b
                                                                                                                                • Instruction Fuzzy Hash: A3F0CD3160C7850FC759DB38D0611E63FE0EF8A220B1502AEE58ECB262D6215906C345
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                • Instruction Fuzzy Hash: CBD05E81ADF6C50AD71E62B90C2A495BFC05E0311474A08FFC5C6CF1E3E85D05068312
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 74db826b2f071b3206189a448d29bf768dab7e98396940280633e25d7e8ee9d9
                                                                                                                                • Instruction ID: 77fc7ba67be3539349fc6ca20fd8086bbe5dd972d3af184e145fb211b3935819
                                                                                                                                • Opcode Fuzzy Hash: 74db826b2f071b3206189a448d29bf768dab7e98396940280633e25d7e8ee9d9
                                                                                                                                • Instruction Fuzzy Hash: 7BE0EC3690994C8FCF55EF98D455CD9B7A0FF55315F05019AE01DC7061EB31EA58CB82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c3ffeea5b825c9cd3a31b3634ebef6f0ee7c0bde71a35f42271a586f801c4843
                                                                                                                                • Instruction ID: c9be6a21e26aaf765f0522ef1d213e65982716cea9115b413baf052639d90198
                                                                                                                                • Opcode Fuzzy Hash: c3ffeea5b825c9cd3a31b3634ebef6f0ee7c0bde71a35f42271a586f801c4843
                                                                                                                                • Instruction Fuzzy Hash: 47C01273B8EB090EA74CA468BC434F5B3D0D6821303402AABC5878284AF82BB4930289
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f207c1e22b55145c108c0fad94fcc44654bdaeb1a9f640bf474cb8584a28624d
                                                                                                                                • Instruction ID: 3959448ea91bc8e2786ce0acda6f870892e96ac693ca58757a4021320b2bee02
                                                                                                                                • Opcode Fuzzy Hash: f207c1e22b55145c108c0fad94fcc44654bdaeb1a9f640bf474cb8584a28624d
                                                                                                                                • Instruction Fuzzy Hash: 2ED0A720A11C0E0BDB0C7A3A885D87032E0FB64201BC800A5DC09C61B1FD2DC9D8C751
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e661a0edd386e943243b05c101ab33eaecdfee5d24387a5e716e87156d9df9e3
                                                                                                                                • Instruction ID: a0babf637953ac9b1055f74f090102537097e011f836c8c0efbec6a922c06471
                                                                                                                                • Opcode Fuzzy Hash: e661a0edd386e943243b05c101ab33eaecdfee5d24387a5e716e87156d9df9e3
                                                                                                                                • Instruction Fuzzy Hash: 4BD0A711B56C1D0FDB54F39C64225FEBA91EF48240FC125B9E21DC36C2CE18AB5103C2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 69224a6e3fcc44bd77c7b83abd6405fcd157a63114511d5d5906dbbed8a6d510
                                                                                                                                • Instruction ID: a0eba40eb58af2553c122570c446046a7ca6fbe04ef68f02042f6cac1432df4e
                                                                                                                                • Opcode Fuzzy Hash: 69224a6e3fcc44bd77c7b83abd6405fcd157a63114511d5d5906dbbed8a6d510
                                                                                                                                • Instruction Fuzzy Hash: FAD0C932F1982C9EAF54EAD8F8526ECB3E0FB49229B410137E50DD2192DA1565104780
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1bea91aabbe0c3e5098dc66a94643eef14574da3b2970631eb4b78267d791248
                                                                                                                                • Instruction ID: c502aeae2b6ba61b88160568074c839ac2a18a06644f1017559396ede73a2684
                                                                                                                                • Opcode Fuzzy Hash: 1bea91aabbe0c3e5098dc66a94643eef14574da3b2970631eb4b78267d791248
                                                                                                                                • Instruction Fuzzy Hash: C6C04C01B59C6D0A95ACB25C38652B881C1D78C66578515F3E80CD329EEC085D8203C1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 19d80aa93de2b666ea0152533d65bd038d2109641163ff57811e9ec421ff50b1
                                                                                                                                • Instruction ID: 880a13b3d6293063f2278d0f6aa307c3a67179c6dd2fde364d586a97678d4b56
                                                                                                                                • Opcode Fuzzy Hash: 19d80aa93de2b666ea0152533d65bd038d2109641163ff57811e9ec421ff50b1
                                                                                                                                • Instruction Fuzzy Hash: 24C0805120EDDD9FDEC4F61C445451427D1FF7579071444A6C04EC7190D560580D4701
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 93005f87bc03541f1494e06df2682aff824d4119dce4617db72001b9006a6e90
                                                                                                                                • Instruction ID: c68ff5a174a15203f1607c506f9d91a90d5efc290d457ab507f98cc143fb4c01
                                                                                                                                • Opcode Fuzzy Hash: 93005f87bc03541f1494e06df2682aff824d4119dce4617db72001b9006a6e90
                                                                                                                                • Instruction Fuzzy Hash: 7AB09204AA6A1B45EB082A728EA24E43580AF00294BE900B0ED48C80A2ED0CE6CD0260
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1bba78e4e62f1a6b3800d0daf641141ea166571724a66d63847d39cb544496e1
                                                                                                                                • Instruction ID: 6786ec0afd4fe8a740c3928ee41e247eb784c0f93ec07daf9ef05d172a1fdefe
                                                                                                                                • Opcode Fuzzy Hash: 1bba78e4e62f1a6b3800d0daf641141ea166571724a66d63847d39cb544496e1
                                                                                                                                • Instruction Fuzzy Hash: 68C09210F0AA4E5AE268EBA4C4622BE21836F8C605F538930E00E821EACD3CB7429255
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000009.00000002.2949665739.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_9_2_7ffd9bb80000_ScreenConnect.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5c3026d64bf09bdd589f937f1c09d517c5b3a62fa93d2c57e8afd7fc9ed254b6
                                                                                                                                • Instruction ID: df5ce0e5d56eb0f9ebc30cb47ff79494c4077d494ee676ed51487219e23b3723
                                                                                                                                • Opcode Fuzzy Hash: 5c3026d64bf09bdd589f937f1c09d517c5b3a62fa93d2c57e8afd7fc9ed254b6
                                                                                                                                • Instruction Fuzzy Hash: 1EA00240F0ED1E49E0716294C02217D40411F58615F228171D00F911EACD3C7B4252A6